> >> The same command without '-x -W', or ldapwhoami with no args, does not
> >> work:
> >>
> >> $ ldapwhoami -D 'uid=burianj,ou=people,dc=cqcb'
> >> SASL/PLAIN authentication started
> >> Please enter your password:
> >> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> >> additional info: SASL(-13): user not found: Password
> >> verification failed
> >
> > if you want a SASL bind with PLAIN mechanism and TLS, the ldapwhoami
> > should look something like
> >
> > $ ldapwhoami -Y PLAIN -U burianj -ZZ -H ldap://localhost
>
> I'm not having a problem getting TLS to work. ldapwhoami is connecting
> over port 636, I see correct TLS messages in the log file, and
> ldapwhoami reports that it is authenticating with SASL/PLAIN. For the
> record, if I try the above command, forcing the connection over port 389
> and using StartTLS, I get the same results as just using "ldapwhoami" or
> "ldapwhoami -D 'uid=burianj,ou=people,dc=cqcb'". The problem is simple
> authentication works, SASL/PLAIN authentication with the same DN and
> password fails.

But, SASL authentication does not use a DN, but a username (as provided in the example Dieter gave you above). And you would need to have configured slapd to map a SASL identity to a DN for the bind to succeed.

So, please provide the commandline you are using with the SASL bind that is failing.

Regards,
Buchan

--
Buchan Milne
ISP Systems Specialist - Monitoring/Authentication Team Leader
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
http://en.wikipedia.org/wiki/List_of_Internet_slang_phrases
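
The identity-to-DN mapping mentioned in the reply, as an added example that is not part of the original message and not OpenLDAP's code: a simplified Python model of how slapd turns a SASL username into an authentication request DN and rewrites it with an `authz-regexp` rule. The rule shown is constructed for illustration; only the `ou=people,dc=cqcb` suffix and the username come from the thread.

```python
import re

# Constructed rule (an assumption, not taken from the thread). In slapd.conf
# form it would read:
#   authz-regexp uid=([^,]*),cn=plain,cn=auth uid=$1,ou=people,dc=cqcb
AUTHZ_REGEXP = [
    (r"uid=([^,]*),cn=plain,cn=auth", "uid=$1,ou=people,dc=cqcb"),
]


def sasl_authn_dn(username, mech, realm=None):
    """Build the authentication request DN derived from a SASL identity.

    Form: uid=<username>[,cn=<realm>],cn=<mechanism>,cn=auth
    Any DN passed with -D plays no part in this identity.
    """
    parts = ["uid=" + username]
    if realm:
        parts.append("cn=" + realm)
    parts += ["cn=" + mech.lower(), "cn=auth"]
    return ",".join(parts)


def map_identity(authn_dn, rules=AUTHZ_REGEXP):
    """Apply the first matching rule; return (resulting DN, was_mapped)."""
    for pattern, replacement in rules:
        m = re.search(pattern, authn_dn, re.IGNORECASE)
        if m:
            # Substitute $1..$9 with the captured groups, as authz-regexp does.
            dn = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
            return dn, True
    # No rule matched: the identity stays in the cn=auth pseudo-tree and
    # corresponds to no real entry in the directory.
    return authn_dn, False


if __name__ == "__main__":
    for realm in (None, "example.com"):  # example.com is a constructed realm
        dn = sasl_authn_dn("burianj", "PLAIN", realm)
        print(dn, "->", map_identity(dn))
```

The realm case shows a common reason a rule silently fails to match: the extra `cn=<realm>` component sits between the `uid` and the mechanism, so a pattern written without it never fires.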