Dear *, I think I found the solution. Indeed, you were all right ! The correct command yith the Openldap ldapsearch command is : ldapsearch -v -h 192.168.122.142 -p 389 -s base -U "dn:uid=fhornain,ou=People,dc=example,dc=com" -b "dc=example,dc=com" -Y DIGEST-MD5 But you need to have the password of the user - here fhornain in clear mode text on the LDAP server - and be sure that your LDAP Server accept DIGEST-MD5 mechanism. In order to check that, type the folloying command : ldapsearch -x -LLL -h 192.168.122.142 -p 389 -b "" -s base -D "cn=Directory Manager" -w ThePassword objectclass=* supportedSASLMechanisms If you have something like : dn : supportedSASLMechanisms: DIGEST-MD5 Then it is OK. Finally, my problem was due to the fact that I did "uid=fhornain,ou=People,dc=example,dc=com" instead of "dn:uid=fhornain,ou=People,dc=example,dc=com". Sorry for that and Many thanks for your great help. BR Frederic ;) On Wed, Oct 27, 2010 at 12:01 AM, Marc Sauton <msauton at redhat.com> wrote: > -U fhornain > ? > > > On 10/26/2010 02:28 PM, Frederic Hornain wrote: > > Rich, > I tried with > -U "u:fhornain" > or > -U "dn:uid=fhornain,ou=People,dc=example,dc=com" > > I still have the same problem. > > Thanks for your help > BR > Frederic ;) > > > On Tue, Oct 26, 2010 at 6:40 PM, Rich Megginson <rmeggins at redhat.com>wrote: > >> Frederic Hornain wrote: >> > Dear Patrick, >> > >> > ldapsearch -v -h 192.168.122.142 -s sub -U >> > "dn:uidfhornain,ou=People,dc=example,dc=com" -b "dc=example,dc=com" -Y >> > DIGEST-MD5 >> use either >> -U "u:fhornain" >> or >> -U "dn:uid=fhornain,ou=People,dc=example,dc=com" >> >> > ldap_initialize( ldap://192.168.122.142 <http://192.168.122.142> ) >> > SASL/DIGEST-MD5 authentication started >> > Please enter your password: >> > ldap_sasl_interactive_bind_s: Invalid credentials (49) >> > additional info: SASL(-14): authorization failure: unable canonify >> > user and get auxprops >> > >> > >> > Thanks for you help, I appreciate. >> > >> > BR >> > Frederic ;) >> > >> > 2010/10/26 Morris, Patrick <patrick.morris at hp.com >> > <mailto:patrick.morris at hp.com>> >> > >> > On 10/26/2010 9:14 AM, Frederic Hornain wrote: >> >> Rich, >> >> >> >> >> >> ldapsearch -v -h 192.168.122.142 -s sub -U >> >> uid:fhornain,ou=People,dc=example,dc=com -b "dc=example,dc=com" >> >> -Y DIGEST-MD5 >> >> ldap_initialize( ldap://192.168.122.142 <http://192.168.122.142> ) >> >> SASL/DIGEST-MD5 authentication started >> >> Please enter your password: >> >> ldap_sasl_interactive_bind_s: Invalid credentials (49) >> >> additional info: SASL(-14): authorization failure: unable >> >> canonify user and get auxprops >> > >> > "uid:fhornain,ou=People,dc=example,dc=com" >> > >> > If you use the "uid:" syntax, it should be followed by a uid, not >> > a dn. Or you can use the "dn:" syntax if you want to use a dn. >> > >> > You may have other things going on here, but the way you've >> > specified the user definitely isn't going to work. >> > >> > -- >> > 389 users mailing list >> > 389-users at lists.fedoraproject.org >> > <mailto:389-users at lists.fedoraproject.org> >> > https://admin.fedoraproject.org/mailman/listinfo/389-users >> > >> > >> > >> > >> > -- >> > ----------------------------------------------------- >> > Fedora-ambassadors-list mailing list >> > Fedora-ambassadors-list at redhat.com >> > <mailto:Fedora-ambassadors-list at redhat.com> >> > Olpc mailing list >> > olpc-open at laptop.org <mailto:olpc-open at laptop.org> >> > ------------------------------------------------------------------------ >> > >> > -- >> > 389 users mailing list >> > 389-users at lists.fedoraproject.org >> > https://admin.fedoraproject.org/mailman/listinfo/389-users >> >> -- >> 389 users mailing list >> 389-users at lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/389-users >> > > > > -- > ----------------------------------------------------- > Fedora-ambassadors-list mailing list > Fedora-ambassadors-list at redhat.com > Olpc mailing list > olpc-open at laptop.org > > > -- > 389 users mailing list389-users at lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users > > > -- ----------------------------------------------------- Fedora-ambassadors-list mailing list Fedora-ambassadors-list at redhat.com Olpc mailing list olpc-open at laptop.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20101027/f5693718/attachment-0001.html
