[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP authenticate the username/password with MS-AD?

test:~/lsc/etc# ldapsearch -U oshim -W -b dc=myproject,dc=net
Enter LDAP Password: 
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)

On Jul 19, 2010, at 9:57 PM, Dan White wrote:

> On 19/07/10 21:18 +0600, OSHIM wrote:
>> i have configured saslauthd with openldap to authenticate MS AD
>> when I run testsaslauthd -u swioshim -p Test2010   then i got 0: OK "Success."
>> (swioshim is my MS AD user and Test2010 password coming from MS AD)
>> but when i run
>> ldapsearch -x -D "cn=swioshim,dc=myproject,dc=com" -W -b dc=myproject,dc=com
>> then getting error : ldap_bind: Invalid credentials (49)
>> please help
> saslauthd will not be called for simple (non-sasl) binds. You will need to
> tell ldapsearch to bind with SASL, such as:
> ldapsearch -U swioshim -W -b dc=myproject,dc=com
> You'll need to configure /usr/lib/sasl2/slapd.conf with:
> pwcheck_method: saslauthd
> mech_list: plain login
> And if you want to map the derived authentication identity to a DN in your
> slapd tree, then you'll need to configure appropriate authz-regexp
> statements. See chapter 15 (Using SASL) of the OpenLDAP administrator's
> guide.
> -- 
> Dan White