Try this,

ldapsearch -h <servername> -p <PortNumber> -x -D cn=Manager,dc=nits,dc=ac,dc=in -W -b dc=nits,dc=ac,dc=in '(uid=jmaan*)'

-----Original Message-----
From: openldap-software-bounces+kumuthiny.srilakshmanan=auspost.com.au@OpenLDAP.org [mailto:openldap-software-bounces+kumuthiny.srilakshmanan=auspost.com.au@OpenLDAP.org] On Behalf Of Jyotishmaan Ray
Sent: Thursday, 20 December 2007 3:31 AM
To: openldap-software@openldap.org
Subject: ldapsearch in openldap problem

Please see below the output of ldapsearch using the -x and -D options:

Please find enclosed the slapd.conf and /etc/ldap.conf files herewith in text format.

Please let me know why I am getting these errors. I have been trying for a few months to get authentication working, and have studied GSSAPI, SASL, etc. types of authentication mechanisms. It seems there is no way other than this list to get deep insights into ldapsearch and then successful authentication!!

1)
[root@authdns openldap]# ldapsearch -D 'dc=nits,dc=ac,dc=in' '(uid=jmaan*)'
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): user not found: no secret in database
[root@authdns openldap]#

2) When ldapsearch is used with -x -b the output is shown as below:-

[root@authdns openldap]# ldapsearch  -x -b  'dc=nits,dc=ac,dc=in' '(uid=jmaan*)'
# extended LDIF
#
# LDAPv3
# base <dc=nits,dc=ac,dc=in> with scope subtree
# filter: (uid=jmaan*)
# requesting: ALL
#

# jmaan, non-teach, compcen, nits.ac.in
dn: uid=jmaan,stornt=non-teach,bn=compcen,dc=nits,dc=ac,dc=in
uid: jmaan
cn: jmaan
objectClass: account
objectClass: posixAccount
loginShell: /bin/bash
uidNumber: 623
gidNumber: 623
homeDirectory: /home/jmaan

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

In the output below, I have tried using the "Manager"'s password as well as the "uid"'s password to log on to the server, but in both cases the authentication was not successful:

[root@authdns ~]# ldapsearch -b 'dc=nits,dc=ac,dc=in' '(uid=jmaan*)'
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): user not found: no secret in database
[root@authdns ~]#

The output of the ldapwhoami command with the -x and -D options is shown below:

[root@authdns openldap]# ldapwhoami  -D "cn=Manager,dc=nits,dc=ac,dc=in " -W
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): user not found: no secret in database
[root@authdns openldap]# ldapwhoami -x  -D "cn=Manager,dc=nits,dc=ac,dc=in " -W
Enter LDAP Password:
dn:cn=Manager,dc=nits,dc=ac,dc=in
Result: Success (0)
[root@authdns openldap]#

[root@authdns openldap]# ldapwhoami -x  "cn=Manager,dc=nits,dc=ac,dc=in "
anonymous
Result: Success (0)
[root@authdns openldap]#

Is it necessary to create a userid and a password in the sasldb using saslpasswd2?
Though I created a saslpasswd2 for the user "jmaan" for performing the ldapsearch without using -x, it is still not successful.

Please give me hints as to why it is unsuccessful as shown above, without standard output from the console.

One more thing: my LDAP server is on the Linux Fedora OS.

Thanking you in anticipation,

Jyotishmaan


 
With Thanks and Regards,
Jyotishmaan Ray
Moderator Of Paradise Groups
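
Added example, not part of either message in this thread: the sessions quoted above succeed or fail depending on whether -x is passed. The shell helper below, bind_mode (a hypothetical name), classifies an OpenLDAP client command line by the bind it will attempt; it assumes each flag is given as its own argument.

```shell
#!/bin/sh
# bind_mode TOOL [ARGS...]: print the bind an OpenLDAP client tool will attempt.
# Hypothetical helper, added for illustration. Assumes each flag is passed as
# its own argument (-x -W, not -xW).
bind_mode() {
    simple=0; dn=""; pw=0
    [ $# -gt 0 ] && shift          # drop the tool name (ldapsearch, ldapwhoami)
    while [ $# -gt 0 ]; do
        case "$1" in
            -x) simple=1 ;;                          # simple bind instead of SASL
            -W) pw=1 ;;                              # prompt for the password
            -D) dn="${2-}"; [ $# -gt 1 ] && shift ;; # bind DN
            -w|-y) pw=1;    [ $# -gt 1 ] && shift ;; # password / password file
            -b|-h|-p|-H|-U|-X|-Y|-s) [ $# -gt 1 ] && shift ;; # skip option values
        esac
        shift
    done
    if [ "$simple" -eq 0 ]; then
        echo sasl            # no -x: SASL bind; the server is expected to ignore -D
    elif [ -z "$dn" ]; then
        echo anonymous       # -x without -D
    elif [ "$pw" -eq 0 ]; then
        echo unauthenticated # -x -D without a password option
    else
        echo simple          # -x -D with -W, -w or -y
    fi
}

# Command lines taken from the sessions above.
bind_mode ldapsearch -D 'dc=nits,dc=ac,dc=in' '(uid=jmaan*)'
bind_mode ldapwhoami -x -D 'cn=Manager,dc=nits,dc=ac,dc=in' -W
bind_mode ldapwhoami -x 'cn=Manager,dc=nits,dc=ac,dc=in'
```

The "sasl" result corresponds to the DIGEST-MD5 failures in the sessions, "simple" to the ldapwhoami call that returned the Manager DN, and "anonymous" to the call that returned "anonymous".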
 