Hi Quanah,

Thank you for your response. I figured what you said in your response, and I have another question about SASL.

I have an LDAP testing server, let's say the URL is test.sample.net, and when I run the following command:

    ldapsearch -H ldap://test.sample.net:389 -x -b "" -s base -LLL supportedSASLMechanisms

it returned:

    dn:
    supportedSASLMechanisms: DIGEST-MD5
    supportedSASLMechanisms: CRAM-MD5
    supportedSASLMechanisms: NTLM

Then I ran the command:

    ldapsearch -H ldap://test.sample.net:389 -Y DIGEST-MD5

and it prompted:

    SASL/DIGEST-MD5 authentication started
    Please enter your password:

I gave a password, and then it reported:

    ldap_sasl_interactive_bind_s: Invalid credentials (49)
            additional info: SASL(-13): user not found: no secret in database

So the question here: what password is it asking for, since it's not asking for a DN? There could be many credentials here; will the server figure out the user from the password input?
Thank you!
Peter
On Mon, Jan 6, 2020 at 8:17 PM Quanah Gibson-Mount quanah@symas.com wrote:
--On Tuesday, December 31, 2019 10:44 AM -0500 Peter Sui peters@qnext.com wrote:

> if I run:
>
>     ldapsearch -h ldap.forumsys.com -p 636 -b "" -s base "(objectClass=*)" -D "cn=read-only-admin,dc=example,dc=com" -w password -Z
It is not valid to combine startTLS with port 636. Also, you should update your options to match modern standards.
Example against ldaps:///
ldapsearch -H ldaps://ldap.forumsys.com:636
as opposed to
ldapsearch -h ldap.forumsys.com -p 636
Example against ldap:///
ldapsearch -H ldap://ldap.forumsys.com:389
as opposed to
ldapsearch -h ldap.forumsys.com -p 389
I would note that the -Z(Z) options are for startTLS (generally against port 389). It is not valid to mix startTLS with ldaps:// URIs. You've not provided any useful information about your setup, so it's not possible to give you much help past that.
As for your SASL question, as documented in the ldapsearch man page, you provide the SASL Mech as a parameter to the -Y option. For example:
ldapsearch -Y GSSAPI -H ldap://ldap.forumsys.com:389
Regards, Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
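As an added illustration of the two points in this exchange (not code from either poster, nor part of OpenLDAP): Quanah's rules for building a modern ldapsearch command line, and Peter's rootDSE query for the advertised SASL mechanisms. The helper below assembles an ldapsearch invocation and refuses the combinations called out above (a bare host instead of a -H URI, and startTLS together with an ldaps:// URI); it prints the command rather than running it, so it works offline. It also checks a saved rootDSE answer before choosing a -Y mechanism. The -U option (SASL authentication identity) is taken from the ldapsearch man page that Quanah refers to; the sample rootDSE text is constructed from the output quoted in the thread, and "someuser" is a placeholder.

```shell
#!/bin/sh
# Added example, not code from the thread: a POSIX sh helper that encodes the
# rules given in the reply above when assembling an ldapsearch command line:
#   - address the server with -H and a URI (ldap:// or ldaps://), not -h/-p
#   - never add startTLS (-ZZ) to an ldaps:// URI
#   - select the SASL mechanism with -Y (and name the SASL identity with -U,
#     an option from the ldapsearch man page)
# It prints the command instead of executing it, so it runs offline.

# build_ldapsearch URI AUTH TLS [extra args...]
#   AUTH: anon | simple:<bindDN> | sasl:<MECH>[:<authcid>]
#   TLS : none | starttls
build_ldapsearch() {
    uri=$1; auth=$2; tls=$3; shift 3
    case "$uri" in
        ldap://*)  scheme=ldap ;;
        ldaps://*) scheme=ldaps ;;
        *) printf 'error: expected an ldap:// or ldaps:// URI, got "%s"\n' "$uri" >&2; return 2 ;;
    esac
    cmd="ldapsearch -H $uri"
    case "$tls" in
        none) ;;
        starttls)
            # startTLS upgrades a plain ldap:// connection; ldaps:// is already TLS
            if [ "$scheme" = ldaps ]; then
                printf 'error: startTLS (-ZZ) is not valid with an ldaps:// URI\n' >&2; return 2
            fi
            cmd="$cmd -ZZ" ;;
        *) printf 'error: TLS must be "none" or "starttls"\n' >&2; return 2 ;;
    esac
    case "$auth" in
        anon)     cmd="$cmd -x" ;;
        simple:*) cmd="$cmd -x -D \"${auth#simple:}\" -W" ;;
        sasl:*)
            spec=${auth#sasl:}
            mech=${spec%%:*}
            cmd="$cmd -Y $mech"
            # anything after the mechanism is the SASL authentication identity (-U)
            [ "$spec" != "$mech" ] && cmd="$cmd -U ${spec#*:}" ;;
        *) printf 'error: AUTH must be anon, simple:<DN> or sasl:<MECH>[:<authcid>]\n' >&2; return 2 ;;
    esac
    [ $# -gt 0 ] && cmd="$cmd $*"
    printf '%s\n' "$cmd"
}

# Command that lists the mechanisms a server advertises: the anonymous
# rootDSE read used in the thread.
sasl_mechs_query() {
    build_ldapsearch "$1" anon none -b '""' -s base -LLL supportedSASLMechanisms
}

# has_sasl_mech MECH LDIF: succeed only if the rootDSE LDIF lists MECH.
has_sasl_mech() {
    printf '%s\n' "$2" | sed -n 's/^supportedSASLMechanisms: //p' | grep -qxF -- "$1"
}

# Constructed sample: the rootDSE answer quoted in the thread.
SAMPLE_ROOTDSE='dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM'

# Only choose a mechanism the server actually advertises; "someuser" is a
# placeholder for the SASL authentication identity.
if has_sasl_mech DIGEST-MD5 "$SAMPLE_ROOTDSE"; then
    build_ldapsearch ldap://test.sample.net:389 sasl:DIGEST-MD5:someuser none
fi
```

Run it as a script to see the DIGEST-MD5 command line it composes; `build_ldapsearch ldaps://host:636 anon starttls` fails with the same objection Quanah raises about mixing -Z with port 636, and a bare hostname is rejected so the -h/-p form cannot slip back in.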