On 02/09/2016 03:41 PM, Dan White wrote:
On 02/09/16 10:28 +0100, Frank Thommen wrote:
BINDDN in ~/.ldaprc seems to be ignored or I'm doing something wrong.
/etc/openldap/ldap.conf is empty.
~/.ldaprc is:
$ cat ~/.ldaprc
BINDDN <myBindDN>
BASE <myBaseDN>
URI ldaps://<myLDAPServer>
TLS_REQCERT never
$
ldapsearch returns an error if I don't declare the bindDN on the commandline:
$ ldapsearch -W -v cn=xyz
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (No Kerberos credentials available)
$
For SASL binds, specify SASL_AUTHCID instead; however, this option will be ignored by the sasl library for GSSAPI binds, in which case SASL_AUTHZID may be used if you need to specify an authz identity.
Thanks. But even after reading through a dozen different webpages and pieces of documentation I still don't understand what a SASL_AUTHCID or SASL_AUTHZID looks like, or where I get the appropriate information from.
For non-sasl binds, specify '-x' on your command line, which does make use of BINDDN.
Yes, that works fine. Maybe it should be made clearer in the manpage that BINDDN does not apply (?) when not using simple authentication?
frank
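As an added example, not part of the thread and not OpenLDAP's own code, here is a small POSIX sh lint that applies what Dan explains above to an ldap.conf/~/.ldaprc: it reports BINDDN when the bind is not simple, SASL_AUTHCID under GSSAPI, and flags TLS_REQCERT never, which tells the client not to request or check the server certificate at all. The sample file contents, DNs and hostname are constructed placeholders.

```sh
#!/bin/sh
# lint_ldaprc FILE MECH
#   MECH is "simple" (ldapsearch -x) or the SASL mechanism given to -Y
#   (e.g. GSSAPI, DIGEST-MD5). Rules, per the thread:
#     BINDDN        honoured only by simple binds
#     SASL_AUTHCID  honoured by SASL binds, but ignored under GSSAPI (the
#                   identity comes from the Kerberos ticket); SASL_AUTHZID
#                   still applies there
#     TLS_REQCERT never/allow  disables or weakens server cert verification
# Prints one warning per line; returns 1 if any warning fired.
lint_ldaprc() {
    file=$1; mech=$2; rc=0
    while read -r key val; do
        case $key in ''|'#'*) continue ;; esac   # skip blanks and comments
        # ldap.conf keywords are case-insensitive; normalise for matching
        key=$(printf '%s' "$key" | tr 'a-z' 'A-Z')
        case "$key:$mech" in
            BINDDN:simple) ;;
            BINDDN:*)
                echo "BINDDN is ignored for SASL bind ($mech); use -x for a simple bind"
                rc=1 ;;
            SASL_AUTHCID:GSSAPI)
                echo "SASL_AUTHCID is ignored by GSSAPI; identity comes from the Kerberos ticket"
                rc=1 ;;
            SASL_AUTHCID:simple|SASL_AUTHZID:simple)
                echo "$key has no effect on a simple bind"
                rc=1 ;;
            TLS_REQCERT:*)
                case $(printf '%s' "$val" | tr 'A-Z' 'a-z') in
                    never|allow)
                        echo "TLS_REQCERT $val does not verify the server certificate; use demand"
                        rc=1 ;;
                esac ;;
        esac
    done < "$file"
    return $rc
}

# Constructed sample mirroring the ~/.ldaprc from the thread (placeholder values).
SAMPLE_LDAPRC=$(mktemp)
cat > "$SAMPLE_LDAPRC" <<'EOF'
BINDDN cn=frank,ou=people,dc=example,dc=org
BASE dc=example,dc=org
URI ldaps://ldap.example.org
TLS_REQCERT never
EOF

for mech in GSSAPI simple; do
    echo "== $mech bind =="
    lint_ldaprc "$SAMPLE_LDAPRC" "$mech" || echo "(config needs attention for $mech)"
done
```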