I have added a new user with the pass {SASL}oshim@myproject.net then i checked it Apache Directory Studio it shows SASL hashed password. When I checked show details then it shows me {SASL}oshim@myproject.net.
but if i run ldapsearch -x -D "cn=oshim,dc=myproject,dc=net" -W -b dc=myproject,dc=net Enter LDAP Password: ldap_bind: Invalid credentials (49)
it shows same error.
On Jul 19, 2010, at 10:37 PM, Jonathan Clarke wrote:
Le 19/07/2010 18:07, OSHIM a écrit :
I have added into /etc/ldap/slapd.conf sasl-host localhost sasl-secprops none
and also have created usr/lib/sasl2/slapd.conf and have added following two lines pwcheck_method: saslauthd saslauthd_path: / var / run / saslauthd / mux
With this configuration, saslauthd should be called for simple (non-sasl) binds.
Have you set the userPassword attribute in your OpenLDAP entry to "{SASL}swioshim@something" ? And compiled OpenLDAP using the --enable-spasswd switch ?
Jonathan
On Jul 19, 2010, at 9:57 PM, Dan White wrote:
On 19/07/10 21:18 +0600, OSHIM wrote:
i have configured saslauthd with openldap to authenticate MS AD when I run testsaslauthd -u swioshim -p Test2010 then i got 0: OK "Success." (swioshim is my MS AD user and Test2010 password coming from MS AD)
but when i run ldapsearch -x -D "cn=swioshim,dc=myproject,dc=com" -W -b dc=myproject,dc=com
then getting error : ldap_bind: Invalid credentials (49)
please help
saslauthd will not be called for simple (non-sasl) binds. You will need to tell ldapsearch to bind with SASL, such as:
ldapsearch -U swioshim -W -b dc=myproject,dc=com
You'll need to configure /usr/lib/sasl2/slapd.conf with:
pwcheck_method: saslauthd mech_list: plain login
And if you want to map the derived authentication identity to a DN in your slapd tree, then you'll need to configure appropriate authz-regexp statements. See chapter 15 (Using SASL) of the OpenLDAP administrator's guide.
-- Dan White
--
Jonathan Clarke - jonathan@phillipoux.net
Ldap Synchronization Connector (LSC) - http://lsc-project.org