[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP authenticate the username/password with MS-AD?

On 20/07/10 12:44 +0600, OSHIM wrote:
ldapsearch  -Y PLAIN -U swimonowar -W -b dc=myproject,dc=net -v -d 1
ldap_initialize( <DEFAULT> )
Enter LDAP Password: ldap_sasl_interactive_bind_s: user selected: PLAIN
ldap_int_sasl_bind: PLAIN
ldap_new_connection 1 1 0
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_int_sasl_open: host=myproject.net
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)

getting this error


ldapsearch -LLL -x -H ldap://ldap.example.org -s "base" -b ""

to see which mechanisms are offered by the server.

It appears that you will need to add the following line to your OpenLDAP
config file (not your SASL config file), to have slapd offer the PLAIN

sasl-secprops none

See the manpage for slapd.conf for additional details. Doing so
is a security risk, and you should consider using SSL/TLS in a
production environment.

Dan White