[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapsearch and sasl



Dieter Kluenter wrote:

Hi,

"James Wilde" <james_wilde@glocalnet.com> writes:


and get a full listing from the ldap directory.

However, I cannot run:

ldapsearch -b dc=glocalnet,dc=net -D cn=Manager,dc=glocalnet,dc=net '(objectclass=*)'

When I try, I get the following error message:

SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error
(80)
        additional info: SASL(-13): user not found: no secret in
database

With option -D you define a distinguished name, thus you have to initiate a
simple bind with option -x and a password option -W or -w, see man
ldapsearch(1) for more information.


Actually it's irrelevant. Without "-x" it will perform a SASL Bind and then the DN specified by -D is ignored.

I have the following lines in slapd.conf:

sasl_pwcheck_method: saslauthd


this is not a configuration parameter in /etc/openldap/slapd.conf.


Perhaps he meant /usr/lib/sasl2/slapd.conf.

If that's the case, this is a problem because saslauthd only supports cleartext authentication mechanisms, not DIGEST-MD5. DIGEST-MD5 will only work with an auxprop (which is the default) mech. You're better off not creating /usr/lib/sasl2/slapd.conf and just running with the default settings there.

--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support