Dan White wrote:
On 06/10/11 09:24 +0000, Juergen.Sprenger@swisscom.com wrote:
Hi,
I am trying to authenticate an Oracle db user against OpenLDAP. Porting of schema information is ok, ssl-handshake ok, sasl-bind seems ok, SASL works:

ldapwhoami -U testuser -R us.oracle.com -H ldap:/// -Y DIGEST-MD5
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: testuser
SASL SSF: 128
SASL data security layer installed.
dn:cn=testuser,cn=users,dc=its
Run the above ldapwhoami command with "-d7" and see what digest-uri was used in the working request.
Trying to authenticate the oracle-client throws a 'bad digest-uri'-error assuming digest-uri="ldap:/us.oracle.com":
This is not valid URL syntax. If it's a configured item then fix your config. If it's generated automatically by Oracle then file a bug report with Oracle.
conn=1014 op=1 RESULT tag=97 err=49 text=SASL(-13): authentication failure: bad digest-uri: doesn't match service

On the Oracle client:

SQL> connect testuser
Enter password:
ERROR:
ORA-28043: invalid bind credentials for DB-OID connection

Warning: You are no longer connected to ORACLE.
SQL>
--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
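Added example, not part of the original thread and not OpenLDAP or Cyrus SASL code: a small checker for the digest-uri directive of a DIGEST-MD5 response, following the RFC 2831 grammar (serv-type "/" host [ "/" serv-name ]), to show why "ldap:/us.oracle.com" is rejected. The sample response, its nonce values and the accepted host list are constructed assumptions.

```python
import re

# RFC 2831, 2.1.2.1: digest-uri-value = serv-type "/" host [ "/" serv-name ]
DIGEST_URI = re.compile(
    r'^(?P<serv_type>[A-Za-z][A-Za-z0-9.+-]*)/(?P<host>[^/\s]+)'
    r'(?:/(?P<serv_name>[^/\s]+))?$')
# One directive of a digest-response: key=token or key="quoted string"
DIRECTIVE = re.compile(r'([A-Za-z][A-Za-z0-9-]*)=("(?:[^"\\]|\\.)*"|[^,]*)')

def parse_directives(response):
    """Split a digest-response into a dict, unquoting quoted values."""
    out = {}
    for key, value in DIRECTIVE.findall(response):
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = re.sub(r'\\(.)', r'\1', value[1:-1])
        out[key.lower()] = value
    return out

def check_digest_uri(digest_uri, service, accepted_hosts):
    """Return (ok, reason); reason is 'syntax', 'service', 'host' or 'ok'."""
    m = DIGEST_URI.match(digest_uri)
    if m is None:
        # "ldap:/host" ends up here: ':' cannot follow the serv-type
        return False, "syntax"
    if m.group("serv_type").lower() != service.lower():
        return False, "service"
    if m.group("host").lower() not in {h.lower() for h in accepted_hosts}:
        return False, "host"
    return True, "ok"

# Constructed digest-response carrying the digest-uri quoted in the thread
SAMPLE_RESPONSE = (
    'username="testuser",realm="us.oracle.com",nonce="c2FtcGxl",'
    'cnonce="Y2xpZW50",nc=00000001,qop=auth-conf,'
    'digest-uri="ldap:/us.oracle.com",'
    'response=0123456789abcdef0123456789abcdef')

def check_response(response, service="ldap", accepted_hosts=("us.oracle.com",)):
    """Check the digest-uri of a response; the host list is an assumption."""
    uri = parse_directives(response).get("digest-uri", "")
    return check_digest_uri(uri, service, accepted_hosts)

if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE))
    print(check_digest_uri("ldap/us.oracle.com", "ldap", ["us.oracle.com"]))
```

Running the checker against the digest-uri shown in the "-d7" output of a working bind and against the value the failing client sends shows which part of the value differs.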