simple bind and ldap_bind: Invalid credentials (49)
- To: OpenLDAP-software@OpenLDAP.org
- Subject: simple bind and ldap_bind: Invalid credentials (49)
- From: Karen R McArthur <kmcarthu@bates.edu>
- Date: Fri, 10 Feb 2006 12:31:39 -0500
- Organization: Bates College
- User-agent: Thunderbird 1.5 (Windows/20051201)
Okay, it's Friday and I'm brain-dead. I have OpenLDAP+SASL+Kerberos up,
configured and running with all passwords stored in our Kerberos
database. I can run queries via simple/anonymous binds,
simple/anonymous binds over SSL/TLS, Kerberos tickets, and Kerberos
tickets with SSL/TLS. Where I'm running into problems is a simple user
bind.
See the following:
ldapsearch -x -D "uid=dumbUser,ou=People,dc=example,dc=com" -W -b "" -s base -LLL -H ldaps://server.example.com/ supportedSASLMechanisms
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
A user LDAP record looks like this:
dn: uid=dumbUser,ou=People,dc=example,dc=com
userPassword: {SASL}dumbUser@KRB.EXAMPLE.COM
You may ask "Why would I want to do this?" Well, I have a few clients
that can't do SASL binds.
Any ideas where to look?
--
Karen R. McArthur <kmcarthu@bates.edu>
Systems Administrator
Information and Library Services, Bates College
Lewiston, Maine 04240
ph:(207) 786-8236 fax:(207) 786-6057
########################################
#from slapd.conf
#SASL configuration
sasl-realm KRB.EXAMPLE.COM
sasl-host server.example.com
sasl-secprops noanonymous
sasl-regexp
    uid=(.*),cn=krb.example.com,cn=gssapi,cn=auth
    uid=$1,ou=People,dc=example,dc=com
sasl-regexp
    cn=(.*),cn=krb.example.com,cn=gssapi,cn=auth
    uid=$1,ou=People,dc=example,dc=com
sasl-regexp
    uid=(.*),cn=example.com,cn=kerberos_v4,cn=auth
    ldap:///ou=People,dc=example,dc=com??sub?(uid=$1)
access to attr=userPassword
    by anonymous auth
    by dn="cn=Manager,dc=example,dc=com" write
    by dn="uid=ldapadm.+\+(realm=ILS\.EXAMPLE\.COM)" write
    by * none