Hello everyone,
I have a small problem setting up my ldap client.
The issue comes from trying to force authenticated queries. So I have set the following lines in my slapd.conf
disallow bind_anon
require authc
On the client side I have added the following lines to my ldap.conf:
binddn cn=manager,dc=domain,dc=com
bindpw {SSHA}<the hash>
Using this approach I cannot get a connection to the LDAP server. I checked through Wireshark, and I get a packet bindResponse(1) invalidCredentials ().
If, on the other hand, I use the cleartext password instead of SSHA, then everything works fine.
I am not sure if it is important but the 'bindRequest(1) simple' packet contains the text {SSHA}<hash> exactly as it appears in the ldap.conf file. Should it be processed on the client end?
I have created the SSHA hash using slappasswd on the server machine, and then I copied and pasted the text across to my ldap.conf file. The hashes used by the server and client are identical. Have I done something wrong? Should I encrypt the password another way? Also, if there is another way to initiate an authenticated query without using plaintext passwords, please let me know.
By the way, my server is OpenLDAP 2.4.10 on Solaris 10 (SPARC), and the client I experiment with is OpenLDAP 2.2.13-12 on RHEL4.7 (i386).
Thank you,
Nick
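
How a server checks a simple bind against a stored {SSHA} value, as an added example that is not part of the original post and not OpenLDAP's own code. It reproduces both outcomes described in the post; the function names, the sample password and the 4-byte salt are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

PREFIX = "{SSHA}"
SHA1_LEN = 20  # SHA-1 digest size in bytes


def make_ssha(password: bytes, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def check_simple_bind(stored: str, presented: bytes) -> bool:
    """Server-side check: the bytes sent in the bindRequest are treated as
    the cleartext password, hashed with the stored salt, and compared."""
    if not stored.startswith(PREFIX):
        return False
    raw = base64.b64decode(stored[len(PREFIX):])
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    candidate = hashlib.sha1(presented + salt).digest()
    return hmac.compare_digest(candidate, digest)


def demo() -> dict:
    # Constructed sample values, not taken from the post.
    stored = make_ssha(b"s3cret-example", salt=b"\x01\x02\x03\x04")
    return {
        # Client sends the cleartext password: the hashes match.
        "cleartext": check_simple_bind(stored, b"s3cret-example"),
        # Client sends the literal "{SSHA}..." string as bindpw: the server
        # hashes that string itself, so the comparison fails.
        "hash_as_password": check_simple_bind(stored, stored.encode("ascii")),
    }


if __name__ == "__main__":
    print(demo())
```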