Hi All,
I have OpenLDAP Server 2.2.13 with Cyrus SASL configured.
I am trying to do ldapsearch for digest-md5. I am getting the following error:
ldapsearch -Y digest-md5 -D "uid=pokemon,ou=People,dc=cisco,dc=com" -w pokemon123
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): authentication failure: client response doesn't match what we generated
But ldapsearch with -U option is successful. Please let me know what needs to be done on my LDAP server for making ldapsearch successful without using -U (SASL authentication identity) and using only -D option.
Thanks, RK
On Jan 29, 2007, at 3:06 AM, Radhakrishnan Balasubramanian wrote:
> Hi All,
> I have OpenLDAP Server 2.2.13 with Cyrus SASL configured.
> I am trying to do ldapsearch for digest-md5. I am getting the following error:
> ldapsearch -Y digest-md5 -D "uid=pokemon,ou=People,dc=cisco,dc=com" -w pokemon123
> SASL/DIGEST-MD5 authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>         additional info: SASL(-13): authentication failure: client response doesn't match what we generated
> But ldapsearch with -U option is successful. Please let me know what needs to be done on my LDAP server for making ldapsearch successful without using -U (SASL authentication identity) and using only -D option.
Per the LDAP technical specifications, slapd(8) ignores any bind DN provided in a SASL bind request.
Without a -U, Cyrus SASL is left to select the authentication identity. If you don't like that selection, the best option is to use -U (that's what it's for).
Kurt
> Thanks, RK
On Mon, Jan 29, 2007 at 07:40:02AM -0800, Kurt Zeilenga wrote:
> On Jan 29, 2007, at 3:06 AM, Radhakrishnan Balasubramanian wrote:
> > Hi All,
> > I have OpenLDAP Server 2.2.13 with Cyrus SASL configured.
> > I am trying to do ldapsearch for digest-md5. I am getting the following error:
> > ldapsearch -Y digest-md5 -D "uid=pokemon,ou=People,dc=cisco,dc=com" -w pokemon123
> > SASL/DIGEST-MD5 authentication started
> > ldap_sasl_interactive_bind_s: Invalid credentials (49)
> >         additional info: SASL(-13): authentication failure: client response doesn't match what we generated
> > But ldapsearch with -U option is successful. Please let me know what needs to be done on my LDAP server for making ldapsearch successful without using -U (SASL authentication identity) and using only -D option.
> Per the LDAP technical specifications, slapd(8) ignores any bind DN provided in a SASL bind request.
> Without a -U, Cyrus SASL is left to select the authentication identity. If you don't like that selection, the best option is to use -U (that's what it's for).
maybe he is looking for -x ?
> Kurt
> > Thanks, RK
Hi,
I am not looking for -x option. My question was how to do ldapsearch for digest-md5 without using -U option.
Problem is when I do ldapsearch with only DN (-D option in the ldapsearch), ldapsearch fails.
ldapsearch -Y digest-md5 -D "uid=pokemon,ou=People,dc=cisco,dc=com" -w pokemon123
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): authentication failure: client response doesn't match what we generated
------------------------------------------
When I give -U option in the ldapsearch, it is successful. But I don't want -U option to be included, I want to do sasl bind only with DN option in the ldapsearch. Hope this is clear.
[root@bldrldap ~]# ldapsearch -Y digest-md5 -U pokemon -w pokemon123 -b "" -s base uid=pokemon
SASL/DIGEST-MD5 authentication started
SASL username: pokemon
SASL SSF: 128
SASL installing layers
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: uid=pokemon
# requesting: ALL
#
# search result
search: 3
result: 0 Success
# numResponses: 1
Thanks, Radhakrishnan
-------------------------------------------------
--- Alex Samad alex@samad.com.au wrote:
> On Mon, Jan 29, 2007 at 07:40:02AM -0800, Kurt Zeilenga wrote:
> > On Jan 29, 2007, at 3:06 AM, Radhakrishnan Balasubramanian wrote:
> > > Hi All,
> > > I have OpenLDAP Server 2.2.13 with Cyrus SASL configured.
> > > I am trying to do ldapsearch for digest-md5. I am getting the following error:
> > > ldapsearch -Y digest-md5 -D "uid=pokemon,ou=People,dc=cisco,dc=com" -w pokemon123
> > > SASL/DIGEST-MD5 authentication started
> > > ldap_sasl_interactive_bind_s: Invalid credentials (49)
> > >         additional info: SASL(-13): authentication failure: client response doesn't match what we generated
> > > But ldapsearch with -U option is successful. Please let me know what needs to be done on my LDAP server for making ldapsearch successful without using -U (SASL authentication identity) and using only -D option.
> > Per the LDAP technical specifications, slapd(8) ignores any bind DN provided in a SASL bind request.
> > Without a -U, Cyrus SASL is left to select the authentication identity. If you don't like that selection, the best option is to use -U (that's what it's for).
> maybe he is looking for -x ?
> > Kurt
> > > Thanks, RK
> I am not looking for -x option. My question was how to do ldapsearch for digest-md5 without using -U option.
> Problem is when I do ldapsearch with only DN (-D option in the ldapsearch), ldapsearch fails.
What are you trying to do, in a larger sense? The directory server is quite correctly telling you this is an error.
If you want to use SASL binds and DIGEST-MD5, then what is wrong with -U? Why do you want to use -D? Do you have some external application expecting to use the commandline tools with -D? If so, this isn't an OpenLDAP problem at all and you should make a wrapper script or fix your broken app.
Matthew Backes Symas Corporation mbackes@symas.com lucca@accela.net
openldap-software@openldap.org
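Added example, not part of the original thread and not OpenLDAP or Cyrus SASL code: the DIGEST-MD5 response from RFC 2831 (qop=auth, no authzid) is computed from the SASL username, realm and password, so the bind DN given with -D is never an input, which is the behaviour Kurt describes. The realm, nonces, digest-uri, the server secret store and the `root` identity chosen when -U is absent are constructed assumptions.

```python
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_response(username, realm, password, nonce, cnonce, nc, digest_uri):
    """RFC 2831 response-value for qop=auth with no authzid."""
    # A1 begins with the raw 16-byte hash of username:realm:password.
    secret = md5(f"{username}:{realm}:{password}".encode())
    ha1 = md5(secret + f":{nonce}:{cnonce}".encode()).hex()
    ha2 = md5(f"AUTHENTICATE:{digest_uri}".encode()).hex()
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}".encode()).hex()

# Constructed sample values; a real exchange uses fresh random nonces.
REALM, URI = "example-realm", "ldap/ldap.example.test"
NONCE, CNONCE, NC = "c2VydmVyLW5vbmNl", "Y2xpZW50LW5vbmNl", "00000001"
BIND_DN = "uid=pokemon,ou=People,dc=cisco,dc=com"

# Hypothetical server-side secret store keyed by authentication identity.
SERVER_SECRETS = {"pokemon": "pokemon123", "root": "constructed-other-secret"}

def client_message(authcid, password, bind_dn=None):
    """Build the client's digest-response fields. bind_dn mirrors -D and is
    deliberately unused: slapd ignores it for SASL binds, so it never
    reaches the digest computation."""
    resp = digest_response(authcid, REALM, password, NONCE, CNONCE, NC, URI)
    return {"username": authcid, "realm": REALM, "response": resp}

def server_check(msg):
    """Recompute the response from the stored secret for the claimed username."""
    stored = SERVER_SECRETS.get(msg["username"])
    if stored is None:
        return "user not found"
    expected = digest_response(msg["username"], msg["realm"], stored,
                               NONCE, CNONCE, NC, URI)
    ok = hmac.compare_digest(expected, msg["response"])
    return "ok" if ok else "response mismatch"

if __name__ == "__main__":
    # -U pokemon: identity and password line up with the stored secret.
    print(server_check(client_message("pokemon", "pokemon123")))
    # -D only: assume the SASL library picked another identity ("root" here).
    print(server_check(client_message("root", "pokemon123", BIND_DN)))
```

The second case is the analogue of "client response doesn't match what we generated": the password is right for `pokemon`, but the server recomputes the digest for the identity the client actually sent.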