Dear *,
I think I found the solution.
Indeed, you were all right!
The correct command with the OpenLDAP ldapsearch command is:
ldapsearch -v -h 192.168.122.142 -p 389 -s base -U "dn:uid=fhornain,ou=People,dc=example,dc=com" -b "dc=example,dc=com" -Y DIGEST-MD5
But you need to have the password of the user - here fhornain - in clear text on the LDAP server, and be sure that your LDAP server accepts the DIGEST-MD5 mechanism.
In order to check that, type the following command:
ldapsearch -x -LLL -h 192.168.122.142 -p 389 -b "" -s base -D "cn=Directory Manager" -w ThePassword "objectclass=*" supportedSASLMechanisms
If you have something like:
dn :
supportedSASLMechanisms: DIGEST-MD5
Then it is OK.
Finally, my problem was due to the fact that I used "uid=fhornain,ou=People,dc=example,dc=com" instead of "dn:uid=fhornain,ou=People,dc=example,dc=com".
Sorry for that, and many thanks for your great help.
BR
Frederic ;)
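
Added example (not part of the original message and not 389 Directory Server code): a small shell pre-flight check that classifies a `-U` value against the forms discussed in this thread and looks for a mechanism in root DSE output. The function names and the sample LDIF are constructed for illustration, and the DN test is a heuristic (it only looks for `attr=value` in the first RDN).

```shell
#!/bin/sh
# Added example. Function names and the sample LDIF are constructed.

# Classify a value meant for "ldapsearch -Y DIGEST-MD5 -U <value>".
# Prints: dn, u, empty, malformed-dn, dn-after-u, uid-prefix, bare-dn, bare-name
classify_sasl_id() {
    case $1 in
        ''|u:)  echo empty ;;
        dn:*)
            first_rdn=${1#dn:}; first_rdn=${first_rdn%%,*}
            case $first_rdn in
                ?*=?*) echo dn ;;
                *)     echo malformed-dn ;;  # e.g. "dn:uidfhornain,..." ("=" missing)
            esac ;;
        u:*=*)  echo dn-after-u ;;           # "u:" carries a user name, not a DN
        u:*)    echo u ;;
        uid:*)  echo uid-prefix ;;           # the thread names only "u:" and "dn:"
        *=*)    echo bare-dn ;;              # DN given without the "dn:" prefix
        *)      echo bare-name ;;
    esac
}

# Return 0 if the LDIF on stdin lists mechanism $1 under supportedSASLMechanisms.
has_sasl_mech() {
    awk -v m="$1" -F': *' '
        tolower($1) == "supportedsaslmechanisms" && $2 == m { found = 1 }
        END { exit !found }'
}

# Constructed sample of a root DSE answer (same shape as the output above).
SAMPLE_ROOTDSE='dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5'

# The -U values that appear in this thread, in the order they were tried.
for v in 'uid:fhornain,ou=People,dc=example,dc=com' \
         'dn:uidfhornain,ou=People,dc=example,dc=com' \
         'uid=fhornain,ou=People,dc=example,dc=com' \
         'u:fhornain' \
         'dn:uid=fhornain,ou=People,dc=example,dc=com'; do
    printf '%-45s %s\n' "$v" "$(classify_sasl_id "$v")"
done

if printf '%s\n' "$SAMPLE_ROOTDSE" | has_sasl_mech DIGEST-MD5; then
    echo "DIGEST-MD5 is advertised (the server then needs the clear-text password)"
fi
```

In practice the output of the `supportedSASLMechanisms` query above would be piped into `has_sasl_mech` instead of the constructed sample.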
On Wed, Oct 27, 2010 at 12:01 AM, Marc Sauton <msauton@xxxxxxxxxx> wrote:
-U fhornain
?
On 10/26/2010 02:28 PM, Frederic Hornain wrote:
Rich,
I tried with
-U "u:fhornain"
or
-U "dn:uid=fhornain,ou=People,dc=example,dc=com"
I still have the same problem.
Thanks for your help
BR
Frederic ;)
On Tue, Oct 26, 2010 at 6:40 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
Frederic Hornain wrote:
> Dear Patrick,
>
> ldapsearch -v -h 192.168.122.142 -s sub -U
> "dn:uidfhornain,ou=People,dc=example,dc=com" -b "dc=example,dc=com" -Y
> DIGEST-MD5
use either
-U "u:fhornain"
or
-U "dn:uid=fhornain,ou=People,dc=example,dc=com"
> ldap_initialize( ldap://192.168.122.142 )
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> additional info: SASL(-14): authorization failure: unable canonify
> user and get auxprops
>
>
> Thanks for your help, I appreciate it.
>
> BR
> Frederic ;)
>
> 2010/10/26 Morris, Patrick <patrick.morris@xxxxxx>
>
> On 10/26/2010 9:14 AM, Frederic Hornain wrote:
>> Rich,
>>
>>
>> ldapsearch -v -h 192.168.122.142 -s sub -U
>> uid:fhornain,ou=People,dc=example,dc=com -b "dc=example,dc=com"
>> -Y DIGEST-MD5
>> ldap_initialize( ldap://192.168.122.142 )
>> SASL/DIGEST-MD5 authentication started
>> Please enter your password:
>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>> additional info: SASL(-14): authorization failure: unable
>> canonify user and get auxprops
>
> "uid:fhornain,ou=People,dc=example,dc=com"
>
> If you use the "uid:" syntax, it should be followed by a uid, not
> a dn. Or you can use the "dn:" syntax if you want to use a dn.
>
> You may have other things going on here, but the way you've
> specified the user definitely isn't going to work.
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
>
>
> --
> -----------------------------------------------------
> Fedora-ambassadors-list mailing list
> Fedora-ambassadors-list@xxxxxxxxxx
> Olpc mailing list
> ------------------------------------------------------------------------