Okay, it's Friday and I'm brain-dead. I have OpenLDAP+SASL+Kerberos up, configured and running with all passwords stored in our Kerberos database. I can run queries via simple/anonymous binds, simple/anonymous binds over SSL/TLS, Kerberos tickets, and Kerberos tickets with SSL/TLS. Where I'm running into problems is a simple user bind.
See the following:
ldapsearch -x -D "uid=dumbUser,ou=People,dc=example,dc=com" -W -b "" -s base -LLL -H ldaps://server.example.com/ supportedSASLMechanisms
Enter LDAP Password:
ldap_bind: Invalid credentials (49)
A user LDAP record looks like this:
dn: uid=dumbUser,ou=People,dc=example,dc=com
userPassword: {SASL}dumbUser@KRB.EXAMPLE.COM
You may ask "Why would I want to do this?" Well, I have a few clients that can't do SASL binds.
Any ideas where to look?
--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/