
Re: simple bind and ldap_bind: Invalid credentials (49)

Karen R McArthur wrote:
Okay, it's Friday and I'm brain-dead. I have OpenLDAP+SASL+Kerberos up, configured and running with all passwords stored in our Kerberos database. I can run queries via simple/anonymous binds, simple/anonymous binds over SSL/TLS, Kerberos tickets, and Kerberos tickets with SSL/TLS. Where I'm running into problems is a simple user bind.

What version of OpenLDAP, and did you configure it with --enable-spasswd? Did you configure slapd to use saslauthd, and is saslauthd running with the Kerberos mechanism enabled? Seems like this should be in the FAQ by now.

See the following:

ldapsearch -x -D "uid=dumbUser,ou=People,dc=example,dc=com" -W -b "" -s base -LLL -H ldaps://server.example.com/ supportedSASLMechanisms
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

A user LDAP record looks like this:
dn: uid=dumbUser,ou=People,dc=example,dc=com
userPassword: {SASL}dumbUser@KRB.EXAMPLE.COM

You may ask "Why would I want to do this?" Well, I have a few clients that can't do SASL binds.

Any ideas where to look?

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/
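
An added example, not part of the original message or of OpenLDAP: a small audit of an LDIF export that reports which entries carry a `{SASL}` userPassword, meaning their simple binds depend on slapd handing the password to saslauthd, and flags values whose realm is missing or unexpected. The function name `audit`, the sample entries other than dumbUser, and the expected realm default are assumptions made for illustration.

```python
import base64
import re

EXPECTED_REALM = "KRB.EXAMPLE.COM"  # realm from the record shown in the message

def _b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed sample export; only the dumbUser record mirrors the message.
SAMPLE_LDIF = (
    "dn: uid=dumbUser,ou=People,dc=example,dc=com\n"
    "userPassword: {SASL}dumbUser@KRB.EXAMPLE.COM\n\n"
    "dn: uid=encoded,ou=People,dc=example,dc=com\n"
    "userPassword:: " + _b64("{SASL}encoded@KRB.EXAMPLE.COM") + "\n\n"
    "dn: uid=local,ou=People,dc=example,dc=com\n"
    "userPassword: {SSHA}constructed-placeholder\n\n"
    "dn: uid=norealm,ou=People,dc=example,dc=com\n"
    "userPassword: {sasl}norealm\n"
)

SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)

def audit(ldif, realm=EXPECTED_REALM):
    """Return {dn: (status, detail)} for every userPassword value in the LDIF."""
    ldif = re.sub(r"\r?\n ", "", ldif)           # unfold LDIF continuation lines
    report, dn = {}, None
    for line in ldif.splitlines():
        if line.lower().startswith("dn:"):
            dn = line.split(":", 1)[1].strip()
        elif line.lower().startswith("userpassword:"):
            raw = line[len("userpassword:"):]
            if raw.startswith(":"):               # "::" marks a base64 value
                value = base64.b64decode(raw[1:].strip()).decode("utf-8", "replace")
            else:
                value = raw.strip()
            m = SCHEME.match(value)
            if not m or m.group(1).upper() != "SASL":
                # Verified by slapd itself, no saslauthd involved.
                report[dn] = ("local", m.group(1).upper() if m else "cleartext")
                continue
            ident = m.group(2)                    # identity handed to saslauthd
            user, _, got = ident.partition("@")
            if user and got == realm:
                report[dn] = ("pass-through", ident)
            else:
                report[dn] = ("review", ident)    # missing or unexpected realm
    return report

if __name__ == "__main__":
    for dn, (status, detail) in audit(SAMPLE_LDIF).items():
        print(f"{status:13} {detail:32} {dn}")
```

Entries reported as `pass-through` are the ones whose simple binds fail with error 49 when slapd was built without `--enable-spasswd` or saslauthd is not running with the Kerberos mechanism.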