[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: authentication failure: bad digest-uri: doesn't match service



Dan White wrote:
On 06/10/11 09:24 +0000, Juergen.Sprenger@swisscom.com wrote:
Hi,

I am trying to authenticate an Oracle db user against OpenLDAP.

Porting of schema information is ok, ssl-handshake ok, sasl-bind seems ok, SASL works:

ldapwhoami -U testuser -R us.oracle.com -H ldap:/// -Y DIGEST-MD5
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: testuser
SASL SSF: 128
SASL data security layer installed.
dn:cn=testuser,cn=users,dc=its

Run the above ldapwhoami command with "-d7" and see what digest-uri was used in the working request.

Trying to authenticate the oracle-client throws a 'bad digest-uri'-error assuming
digest-uri="ldap:/us.oracle.com":

This is not valid URL syntax. If it's a configured item then fix your config. If it's generated automatically by Oracle then file a bug report with Oracle.

conn=1014 op=1 RESULT tag=97 err=49 text=SASL(-13): authentication
failure: bad digest-uri: doesn't match service

On the Oracle client:
SQL>  connect testuser
Enter password:
ERROR:
ORA-28043: invalid bind credentials for DB-OID connection


Warning: You are no longer connected to ORACLE.
SQL>


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/