[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP authenticate the username/password with MS-AD?

To: OSHIM <mhoshim@gmail.com>
Subject: Re: OpenLDAP authenticate the username/password with MS-AD?
From: Dan White <dwhite@olp.net>
Date: Tue, 20 Jul 2010 08:31:38 -0500
Cc: Jonathan Clarke <jonathan@phillipoux.net>, "andrew.findlay@skills-1st.co.uk" <andrew.findlay@skills-1st.co.uk>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Content-disposition: inline
In-reply-to: <31B870B2-74E4-41CE-88DB-9D36F3049CAC@gmail.com>
References: <20100718173105.GE12404@dan.olp.net> <4EBC8E86-1E19-46CD-964F-F57D35B2CCB5@gmail.com> <20100718185730.GF12404@dan.olp.net> <B6960B5A-ED62-4B22-B385-19DC27940265@gmail.com> <4C442DFA.4030405@phillipoux.net> <65EE30A8-5409-4842-8991-D252A3442473@gmail.com> <20100719155742.GD2510@dan.olp.net> <B21B9007-3B6D-4376-80D0-1C20CCF4A300@gmail.com> <20100719185833.GF2510@dan.olp.net> <31B870B2-74E4-41CE-88DB-9D36F3049CAC@gmail.com>
User-agent: Mutt/1.5.18 (2008-05-17)

On 20/07/10 12:44 +0600, OSHIM wrote:

ldapsearch  -Y PLAIN -U swimonowar -W -b dc=myproject,dc=net -v -d 1
ldap_initialize( <DEFAULT> )
ldap_create

Enter LDAP Password:ldap_sasl_interactive_bind_s: user selected: PLAIN

ldap_int_sasl_bind: PLAIN
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_int_sasl_open: host=myproject.net
ldap_err2string
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)

getting this error


Use:

ldapsearch -LLL -x -H ldap://ldap.example.org -s "base" -b ""
supportedSASLMechanisms

to see which mechanisms are offered by the server.

It appears that you will need to add the following line to your OpenLDAP
config file (not your SASL config file), to have slapd offer the PLAIN
mechanism:

sasl-secprops none

See the manpage for slapd.conf for additional details. Doing so
is a security risk, and you should consider using SSL/TLS in a
production environment.

--
Dan White

Follow-Ups:
- Re: OpenLDAP authenticate the username/password with MS-AD?
  - From: OSHIM <mhoshim@gmail.com>

References:
- Re: OpenLDAP authenticate the username/password with MS-AD?
  - From: Dan White <dwhite@olp.net>
- Re: OpenLDAP authenticate the username/password with MS-AD?
  - From: OSHIM <mhoshim@gmail.com>
- Re: OpenLDAP authenticate the username/password with MS-AD?
  - From: Dan White <dwhite@olp.net>
- Re: OpenLDAP authenticate the username/password with MS-AD?
  - From: OSHIM <mhoshim@gmail.com>
- Re: OpenLDAP authenticate the username/password with MS-AD?
  - From: Jonathan Clarke <jonathan@phillipoux.net>
- Re: OpenLDAP authenticate the username/password with MS-AD?
  - From: OSHIM <mhoshim@gmail.com>
- Re: OpenLDAP authenticate the username/password with MS-AD?
  - From: Dan White <dwhite@olp.net>
- Re: OpenLDAP authenticate the username/password with MS-AD?
  - From: OSHIM <mhoshim@gmail.com>
- Re: OpenLDAP authenticate the username/password with MS-AD?
  - From: Dan White <dwhite@olp.net>
- Re: OpenLDAP authenticate the username/password with MS-AD?
  - From: OSHIM <mhoshim@gmail.com>

Prev by Date: Ldapsearch Error while using Back-NDB
Next by Date: Re: OpenLDAP authenticate the username/password with MS-AD?
Index(es):
- Chronological
- Thread