Re: simple bind and ldap_bind: Invalid credentials (49)

[Howard Chu <hyc@symas.com>]

Karen R McArthur wrote:
> Okay, it's Friday and I'm brain-dead.  I have openLDAP+SASL+Kerberos 
> up, configured and running with all passwords stored in our kerberos 
> database.  I can run queries via simple/anonymous binds, 
> simple/anonymous binds overSSL/TLS, kerberos tickets, and kerberos 
> tickets with SSL/TLS.  Where I'm running into problems is a simple 
> user bind

What version of OpenLDAP, and did you configure it with 
--enable-spasswd? Did you configure slapd to use saslauthd, and is 
saslauthd running with the Kerberos mechanism enabled? Seems like this 
should be in the FAQ by now.
> .
>
> See the following:
>
> ldapsearch -x -D "uid=dumbUser,ou=People,dc=example,dc=com" -W -b "" 
> -s base -LLL -H ldaps://server.example.com/ supportedSASLMechanisms
> Enter LDAP Password:
> ldap_bind: Invalid credentials (49)
>
> A user LDAP record looks like this:
> dn: uid=dumbUser,ou=People,dc=example,dc=com
> userPassword: {SASL}dumbUser@KRB.EXAMPLE.COM
>
> You may ask "Why would I want to do this?"  Well, I have a few clients 
> that can't do SASL binds.
>
> Any ideas where to look?


--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/