I am using OpenLDAP 2.4.7 on an Ubuntu 8.04 server.
I have in my tree a user whose "userPassword" attribute is
"{CLEARTEXT}testpass".
This command works:
$ ldapwhoami -U testuser -w testpass
SASL/DIGEST-MD5 authentication started
SASL username: testuser
SASL SSF: 128
SASL data security layer installed.
dn:uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br
But I don't know why this one doesn't work...
$ ldapwhoami -x -D 'uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br' -w testpass
ldap_bind: Invalid credentials (49)
The command above works only after removing the "{CLEARTEXT}" string before the
real password:
$ ldapmodify -U testuser -w testpass
SASL/DIGEST-MD5 authentication started
SASL username: testuser
SASL SSF: 128
SASL data security layer installed.
dn: uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br
changetype: modify
replace: userPassword
userPassword: testpass
modifying entry "uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br"
$ ldapwhoami -x -D 'uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br' -w testpass
dn:uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br
-------------------
My doubt is: if a user has his password set to "{CLEARTEXT}<real
password>", he should be able to authenticate either with simple
authentication or with SASL, shouldn't he?
--
Anderson Medeiros Gomes
amg1127(a)cefetrs.tche.br
Coordenadoria de Manutenção e Redes
Centro Federal de Educação Tecnológica de Pelotas
http://www.cefetrs.tche.br/