On Jan 29, 2007, at 3:06 AM, Radhakrishnan Balasubramanian wrote:
I have Openldap Server -2.2.13 with Cyrus SASL
I am trying to do ldapsearch for digest-md5 .I am
getting the following error :
ldapsearch -Y digest-md5 -D
"uid=pokemon,ou=People,dc=cisco,dc=com" -w pokemon123
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-13): authentication
failure: client response doesn't match what we
But ldapsearch with -U option is successful. Please
let me know what need to be done on my LDAP server for
making ldapsearch sucessful without using -U (SASL
authentication identiy) and using only -D option .
Per the LDAP technical specifications, slapd(8) ignores
any bind DN providing in a SASL bind request.
Without a -U, Cyrus SASL is left to select the authentication
identity. If you don't like that selection, the best option
is to use -U (that's what its for).
Don't get soaked. Take a quick peak at the forecast
with the Yahoo! Search weather shortcut.