
Re: ldapsearch and sasl



Hi,

"James Wilde" <james_wilde@glocalnet.com> writes:

[...]
> I can run both:
> 
> ldapsearch -x -b dc=glocalnet,dc=net -D cn=Manager,dc=glocalnet,dc=net 
> '(objectclass=*)'

This is an anonymous bind, as you don't specify a password.

> and
> 
> ldapsearch -b dc=glocalnet,dc=net -U Manager@glocalnet.net
> '(objectclass=*)'

This is a strong bind with a SASL mechanism.

> and get a full listing from the ldap directory.
> 
> However, I cannot run:
> 
> ldapsearch -b dc=glocalnet,dc=net -D cn=Manager,dc=glocalnet,dc=net 
> '(objectclass=*)'
> 
> When I try, I get the following error message:
> 
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Internal (implementation specific) error
> (80)
>          additional info: SASL(-13): user not found: no secret in
> database
>

With option -D you define a distinguished name, thus you have to initiate a
simple bind with option -x and a password option -W or -w; see man
ldapsearch(1) for more information.

> I have the following lines in slapd.conf:
> 
> sasl_pwcheck_method: saslauthd

This is not a configuration parameter in /etc/openldap/slapd.conf.

[...]
> I'm sure this worked before.  Is there something I'm missing?

[...]

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:01443B53
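
The bind rules described in the reply above, as an added example that is not part of the original message: a small shell check that reports which bind an ldapsearch argument list will attempt, useful for auditing scripts before they run. The function name `bind_mode` and its output labels are hypothetical; it only inspects the arguments and never contacts a server.

```shell
#!/bin/sh
# bind_mode ARGS... : classify an ldapsearch command line by the reply's rules.
# Output labels (chosen for this example):
#   simple          -x with -D and a password option (-W, -w or -y)
#   anonymous       -x without a password option
#   sasl            no -x, so a SASL mechanism is negotiated
#   sasl-missing-x  no -x but -D given: the DN needs -x and -W/-w
# The body runs in a subshell so its variables do not leak to the caller.
bind_mode() (
    simple=0; pw=0; dn=""; user=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -x) simple=1 ;;
            -W) pw=1 ;;                      # prompt for the password
            -w|-y) pw=1; shift ;;            # password or password file follows
            -D) dn="$2"; shift ;;            # bind DN for a simple bind
            -U) user="$2"; shift ;;          # SASL authentication identity
            -b|-H|-s|-Y) shift ;;            # other options that take a value
        esac
        shift
    done
    if [ "$simple" -eq 1 ]; then
        if [ "$pw" -eq 1 ] && [ -n "$dn" ]; then
            echo simple
        else
            echo anonymous
        fi
    elif [ -n "$dn" ] && [ -z "$user" ]; then
        echo sasl-missing-x
    else
        echo sasl
    fi
)

# The failing command from the thread, with the ldapsearch word dropped:
bind_mode -b dc=glocalnet,dc=net -D cn=Manager,dc=glocalnet,dc=net '(objectclass=*)'
```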