On Fri, 05 Mar 2010 09:21:06 +0100, "Dieter Kluenter" dieter@dkluenter.de wrote:
lists@supported.de writes:
Hello list,
this is my first time trying to set up SASL, I'm probably doing something wrong. Anyhow:
[...]
- when starting slapd without -d I get:
$ ldapsearch -v -h localhost -LLL -U ldapadmin -D "cn=ldapadmin,ou=Users,dc=hh,dc=supported,dc=de" -b "ou=Users,dc=hh,dc=supported,dc=de" -s sub "cn=ldapadmin"
ldap_initialize( ldap://localhost:10389 )
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
    additional info: SASL(-1): generic failure:
try ldapsearch -Y DIGEST-MD5 -U ldapadmin -w password -b ...
I did try without -D before, it doesn't help:
$ ldapsearch -v -h localhost -LLL -Y DIGEST-MD5 -U ldapadmin -w ***** -b "ou=Users,dc=hh,dc=supported,dc=de" -s sub "cn=ldapadmin" '*'
ldap_initialize( ldap://localhost:389 )
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
    additional info: SASL(-1): generic failure:
Again: the strange point being that when starting slapd from CLI with -d XXX everything works. I only get the error when letting slapd disassociate (i.e. without -d):
# /etc/init.d/openldap stop
Stopping OpenLDAP ...[ok]
# /usr/local/openldap/libexec/slapd -f /usr/local/openldap/etc/openldap/slapd.conf -d 64
...
slapd starting
$ ldapsearch -v -h localhost -LLL -Y DIGEST-MD5 -U ldapadmin -w **** -b "ou=Users,dc=hh,dc=supported,dc=de" -s sub "cn=ldapadmin" '*'
ldap_initialize( ldap://localhost:389 )
SASL/DIGEST-MD5 authentication started
SASL username: ldapadmin
SASL SSF: 128
SASL installing layers
filter: cn=ldapadmin
requesting: *
dn: cn=ldapadmin,ou=Users,dc=hh,dc=supported,dc=de
cn: ldapadmin
gidNumber: 5000
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: person
objectClass: top
sn: Admin
uid: ldapadmin
uidNumber: 5000
homeDirectory: /tmp
userPassword:: ****
...back to root shell, stop slapd and restart without -d...
# ^c
...
slapd stopped.
# /usr/local/openldap/libexec/slapd -f /usr/local/openldap/etc/openldap/slapd.conf
$ ldapsearch -v -h localhost -LLL -Y DIGEST-MD5 -U ldapadmin -w *** -b "ou=Users,dc=hh,dc=supported,dc=de" -s sub "cn=ldapadmin" '*'
ldap_initialize( ldap://localhost:10389 )
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
    additional info: SASL(-1): generic failure:
Any idea? Thanks!
Btw: I've duplicated this setup on a Debian box. On that one everything works...
Cheers, Ralph