Rich,

ldapsearch -v -h 192.168.122.142 -s sub -U uid:fhornain,ou=People,dc=example,dc=com -b "dc=example,dc=com" -Y DIGEST-MD5
ldap_initialize( ldap://192.168.122.142 )
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-14): authorization failure: unable canonify user and get auxprops

On the client side :

[26/Oct/2010:18:15:17 +0200] conn=209 fd=73 slot=73 connection from 192.168.122.94 to 192.168.122.142
[26/Oct/2010:18:15:17 +0200] conn=209 op=0 BIND dn="" method=sasl version=3 mech=DIGEST-MD5
[26/Oct/2010:18:15:17 +0200] conn=209 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[26/Oct/2010:18:15:23 +0200] conn=209 op=1 BIND dn="" method=sasl version=3 mech=DIGEST-MD5
[26/Oct/2010:18:15:23 +0200] conn=209 op=1 RESULT err=49 tag=97 nentries=0 etime=0
[26/Oct/2010:18:15:23 +0200] conn=209 op=-1 fd=73 closed - B1

BR
Frederic ;)

On Tue, Oct 26, 2010 at 5:55 PM, Rich Megginson <rmeggins at redhat.com> wrote:

> Frederic Hornain wrote:
> > Dear Rich,
> >
> > Unfortunately, it does not work.
> >
> > Could I ask you to do a test on your default RHDS to see if that works ?
> I know that DIGEST-MD5 does work.
> > If it works then could you provide me the corresponding openldapsearch command ?
> Can you provide excerpts from your access log showing the failed bind attempt?
> > Thanks for your help.
> >
> > BR
> > Frederic ;)
> >
> > On Tue, Oct 26, 2010 at 5:21 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> >
> > > Frederic Hornain wrote:
> > > > Dear Rich,
> > > >
> > > > It is in clear text mode.
> > > >
> > > > BR
> > > > Fred ;)
> > > >
> > > > On Tue, Oct 26, 2010 at 5:07 PM, Rich Megginson <rmeggins at redhat.com> wrote:
> > > >
> > > > > Frederic Hornain wrote:
> > > > > > Dear *,
> > > > > >
> > > > > > How can I configure the Directory server in order to use SASL
> > > > > > DIGEST-MD5 with ldapsearch and without error messages?
> > > > >
> > > > > http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/SASL.html#Introduction_to_SASL-Authentication_Mechanisms
> > > > >
> > > > > SASL/DIGEST-MD5 requires that the userPassword is in clear text.
> > > > >
> > > > > > ldapsearch -W -h xxx.xxx.xxx.xxx -U username -b "dc=example,dc=com" -Y
> > >
> > > The username must be in the form of "uid:username" or "dn:uid=username,ou=people,...suffix..."
> > > Also try -X instead of -U
> > >
> > > > > > DIGEST-MD5
> > > > > > Enter LDAP Password : xxxxx
> > > > > > SASL/DIGEST-MD5 authentication started
> > > > > > ldap_sasl_interactive_bind_s: Invalid credentials (49)
> > > > > > additional info: SASL(-14): authorization failure: unable canonify user and get auxprops
> > > > > >
> > > > > > Thanks in advance for your help and your time.
> > > > > >
> > > > > > BR
> > > > > > Frederic ;)
> > > > > >
> > > > > > -----------------------------------------------------
> > > > > > Fedora-ambassadors-list mailing list
> > > > > > Fedora-ambassadors-list at redhat.com
> > > > > >
> > > > > > --
> > > > > > 389 users mailing list
> > > > > > 389-users at lists.fedoraproject.org
> > > > > > https://admin.fedoraproject.org/mailman/listinfo/389-users