Re: OpenLDAP authenticate the username/password with MS-AD?
test:~/lsc/etc# ldapsearch -U oshim -W -b dc=myproject,dc=net
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
On Jul 19, 2010, at 9:57 PM, Dan White wrote:
> On 19/07/10 21:18 +0600, OSHIM wrote:
>> I have configured saslauthd with OpenLDAP to authenticate MS AD.
>> When I run testsaslauthd -u swioshim -p Test2010 then I got 0: OK "Success."
>> (swioshim is my MS AD user and Test2010 is the password coming from MS AD)
>>
>> But when I run
>> ldapsearch -x -D "cn=swioshim,dc=myproject,dc=com" -W -b dc=myproject,dc=com
>>
>> then I get the error: ldap_bind: Invalid credentials (49)
>>
>> Please help
>
> saslauthd will not be called for simple (non-sasl) binds. You will need to
> tell ldapsearch to bind with SASL, such as:
>
> ldapsearch -U swioshim -W -b dc=myproject,dc=com
>
> You'll need to configure /usr/lib/sasl2/slapd.conf with:
>
> pwcheck_method: saslauthd
> mech_list: plain login
>
> And if you want to map the derived authentication identity to a DN in your
> slapd tree, then you'll need to configure appropriate authz-regexp
> statements. See chapter 15 (Using SASL) of the OpenLDAP administrator's
> guide.
>
> --
> Dan White
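
Added example, not part of the original messages: the settings described in the quoted reply written out as configuration, with one authz-regexp rule. The rule's pattern and the assumption that entries are named cn=<username>,dc=myproject,dc=com (taken from the bind DN in the quoted question) are illustrative, and the slapd.conf location depends on the install. The failed bind at the top of this message negotiated DIGEST-MD5, which saslauthd cannot verify because the server never receives the plaintext password with that mechanism.

```conf
# --- /usr/lib/sasl2/slapd.conf (Cyrus SASL settings read by slapd; path as given in the thread) ---
# Hand username/password verification to the saslauthd daemon.
pwcheck_method: saslauthd
# Offer only mechanisms that deliver the plaintext password saslauthd needs.
# While DIGEST-MD5 is still offered, clients may negotiate it and the bind
# fails with "Invalid credentials (49)".
mech_list: plain login

# --- slapd.conf (OpenLDAP server configuration; location is an assumption) ---
# After a SASL bind slapd holds an authentication identity of the form
#   uid=<username>,cn=<mechanism>,cn=auth              (no realm)
#   uid=<username>,cn=<realm>,cn=<mechanism>,cn=auth   (with realm)
# The rule below rewrites the realm-less form to a DN in the tree.
# Assumption: user entries are named cn=<username>,dc=myproject,dc=com.
authz-regexp
    uid=([^,]*),cn=[^,]*,cn=auth
    cn=$1,dc=myproject,dc=com
```

After restarting slapd, `ldapwhoami -Y PLAIN -U swioshim -W -ZZ` reports the DN the bind was mapped to. `-Y` pins the mechanism and `-ZZ` requires StartTLS, which matters because PLAIN and LOGIN send the password unprotected.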