Re: Fwd: Example for SASL bind to Microsoft AD
On Fri, 26 Jul 2013 09:27:29 +0200 Michael Ströder <michael@stroeder.com>
wrote:
> radiatejava wrote:
> > Thanks Michael for the response. Would you mind sharing the exact
> > syntax (I am having Win 2008 server) and getting these errors:
> >
> > ldapsearch -H ldap://10.77.125.83 -s sub -b "dc=agentdev,dc=com" -D
> > sburnwal@agentdev.com -Y DIGEST-MD5 "(cn=iqsyed)"
> > SASL/DIGEST-MD5 authentication started
> > Please enter your password:
> > ldap_sasl_interactive_bind_s: Invalid credentials (49)
> > additional info: 80090303: LdapErr: DSID-0C0904BE, comment: The
> > digest-uri does not match any LDAP SPN's registered for this server.,
> > data 0, v1db1
> >
> > ldapsearch -h 10.77.125.83 -p 389 -D
> > "CN=sburnwal,CN=Users,DC=agentdev,DC=com" -W -s sub -b
> > "dc=agentdev,dc=com" -Y DIGEST-MD5 "(cn=iqsyed)"
> > Enter LDAP Password:
> > SASL/DIGEST-MD5 authentication started
> > ldap_sasl_interactive_bind_s: Invalid credentials (49)
> > additional info: 80090303: LdapErr: DSID-0C0904BE, comment: The
> > digest-uri does not match any LDAP SPN's registered for this server.,
> > data 0, v1db1
>
> The option -D is for LDAP simple bind only.
> Use -X <authzid> as noted in the man-page for ldapsearch. Use the value in
> attribute SAM-Account-Name (LDAP attribute name 'sAMAccountName') for
> <authzid>.
Sorry, -X was wrong. You have to use -U <SAM-Account-Name>
Ciao, Michael.