On Fri, Apr 24, 2009 at 08:41:02PM +0800, owen nirvana wrote:
I try to search in Apache Directory Studio, perl , java, but in term , I input "ldapsearch -D "cn=admin.dc=xxx,dc=org" -b "dc=xxx,dc=org" "(objectClass=*)" -W
echo:
Digest/SASL MD5 start
invalid credential
The ldap command-line tools will try to use SASL by default (this is required by the LDAP standard). If you have not configured SASL then you need to specify the -x flag to turn it off.
I don't know how to configure slapd.conf to solve the problem
If you want to use SASL, read the SASL section of the Admin Guide:
http://www.openldap.org/doc/admin24/sasl.html
As a minimum you will need to store plain-text passwords and set up some ID mapping if you plan to use the DIGEST-MD5 mechanism.
SASL is not essential, and in many environments it is sufficient to use plain password authentication along with TLS encryption of sessions. SASL is more likely to be useful if you have a Kerberos environment already.
Andrew