[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapsearch and sasl

To: <openldap-software@OpenLDAP.org>
Subject: Re: ldapsearch and sasl
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: 16 Mar 2005 17:45:39 +0100
In-reply-to: <5F6B0055276D6E4881966897D19A45E2015A3982@brimo.glocalnet.com>
References: <5F6B0055276D6E4881966897D19A45E2015A3982@brimo.glocalnet.com>
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3

Hi,

"James Wilde" <james_wilde@glocalnet.com> writes:

[...]
> I can run both:
> 
> ldapsearch -x -b dc=glocalnet,dc=net -D cn=Manager,dc=glocalnet,dc=net 
> '(objectclass=*)'

this is a anonymous bind as you don't specify a password

> and
> 
> ldapsearch -b dc=glocalnet,dc=net -U Manager@glocalnet.net
> '(objectclass=*)'

this is a strong bind with a sasl mechanism.

> and get a full listing from the ldap directory.
> 
> However, I cannot run:
> 
> ldapsearch -b dc=glocalnet,dc=net -D cn=Manager,dc=glocalnet,dc=net 
> '(objectclass=*)'
> 
> When I try, I get the following error message:
> 
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Internal (implementation specific) error
> (80)
>          additional info: SASL(-13): user not found: no secret in
> database
>

With option -D you define a distinguished name, thus you have to initiate a
simple bind with option -x and a password option -W or -w, see man
ldapsearch(1) for more information.

> I have the following lines in slapd.conf:
> 
> sasl_pwcheck_method: saslauthd

this is not a configuration parameter in /etc/openldap/slapd.conf.

[...]
> I'm sure this worked before.  Is there something I'm missing?

[...]

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:01443B53

Follow-Ups:
- Re: ldapsearch and sasl
  - From: Howard Chu <hyc@symas.com>

References:
- ldapsearch and sasl
  - From: "James Wilde" <james_wilde@glocalnet.com>

Prev by Date: Re: LDAP + Cyrus
Next by Date: Re: ldapsearch and sasl
Index(es):
- Chronological
- Thread