Hi Hallvard
I use the compare tool just for testing
The problem is when I try to login to my Cisco router (using ldap) I got compare false error message. After that I tested the same password with this tool and I got the same result.
If I give the same password what i used to login why not working ? Ok is different encryption - how can I change it ?
PS: I need to have the compare function working with clear text password - if not working with the own ldap compare tool I can't expect that will work with the router.
Best, Szilard
-----Original Message----- From: openldap-technical-bounces@OpenLDAP.org [mailto:openldap-technical-bounces@OpenLDAP.org] On Behalf Of Hallvard B Furuseth Sent: Wednesday, February 15, 2012 4:19 PM To: Szilard Gyorgy Cc: openldap-technical@openldap.org Subject: Re: authentification issue with clear text password
On Wed, 15 Feb 2012 13:38:17 +0200, "Szilard Gyorgy" szilard@gyorgy.net wrote:
ldapcompare -D "uid=testuser,ou=Users,dc=domain,dc=net" -w test "uid=testuser,ou=Users,dc=domain,dc=net" -v userPassword:test
Why are you using compare at all? The server already checked the password when it accepted your Bind with -D and -w <password>. I don't think there's an ldap tool which does nothing but Bind, so you have to ask it to do something afterwards but it doesn't really matter what. In such cases I usually use ldapwhoami:
ldapwhoami -x -D "uid=testuser,ou=Users,dc=domain,dc=net" -w test
The -x disables SASL, which you do not use or want with -D/-w. SASL is on by default if you have compiled in support for it.
BTW, maybe you want to use -y <file> for the password instead. Note that the file contents must NOT end with a newline, unless the newline is part of the password.
Hallvard