[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_sasl_interative_bind_s error




Without a -x, the ldap* commands attempt to bind using SASL authentication, rather than straight, cleartext password authentication. If you want to use SASL authentication, you'll have to set it up.


IMHO, SASL is a worse than useless security system. It stores passwords in cleartext and thinks it is improving security by allowing authentication by passing, in cleartext, the MD5 hash of a password. Unfortunately, SASL managed to get itself into the v3 LDAP spec.

Either always use the -x or recompile OpenLDAP --without-sasl.