On Fri, 05 Mar 2010 09:21:06 +0100, "Dieter Kluenter" <dieter(a)dkluenter.de> wrote:
<lists(a)supported.de> writes:
> Hello list,
>
> this is my first time trying to set up SASL, I'm probably doing
> something wrong. Anyhow:
[...]
> - when starting slapd without -d I get:
>
> $ ldapsearch -v -h localhost -LLL -U ldapadmin -D
> "cn=ldapadmin,ou=Users,dc=hh,dc=supported,dc=de" -b
> "ou=Users,dc=hh,dc=supported,dc=de" -s sub "cn=ldapadmin"
> ldap_initialize( ldap://localhost:10389 )
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Internal (implementation specific) error
> (80)
> additional info: SASL(-1): generic failure:

try ldapsearch -Y DIGEST-MD5 -U ldapadmin -w password -b ...

I did try without -D before; it doesn't help:
$ ldapsearch -v -h localhost -LLL -Y DIGEST-MD5 -U ldapadmin -w ***** -b
"ou=Users,dc=hh,dc=supported,dc=de" -s sub "cn=ldapadmin" '*'
ldap_initialize( ldap://localhost:389 )
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Internal (implementation specific) error
(80)
additional info: SASL(-1): generic failure:

Again: the strange point being that when starting slapd from the CLI with -d XXX
everything works. I only get the error when letting slapd disassociate (i.e.
without -d):
# /etc/init.d/openldap stop
Stopping OpenLDAP ...[ok]
# /usr/local/openldap/libexec/slapd -f
/usr/local/openldap/etc/openldap/slapd.conf -d 64
...
slapd starting
$ ldapsearch -v -h localhost -LLL -Y DIGEST-MD5 -U ldapadmin -w **** -b
"ou=Users,dc=hh,dc=supported,dc=de" -s sub "cn=ldapadmin" '*'
ldap_initialize( ldap://localhost:389 )
SASL/DIGEST-MD5 authentication started
SASL username: ldapadmin
SASL SSF: 128
SASL installing layers
filter: cn=ldapadmin
requesting: *
dn: cn=ldapadmin,ou=Users,dc=hh,dc=supported,dc=de
cn: ldapadmin
gidNumber: 5000
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: person
objectClass: top
sn: Admin
uid: ldapadmin
uidNumber: 5000
homeDirectory: /tmp
userPassword:: ****
...back to root shell, stop slapd and restart without -d...
# ^c
...
slapd stopped.
# /usr/local/openldap/libexec/slapd -f
/usr/local/openldap/etc/openldap/slapd.conf
$ ldapsearch -v -h localhost -LLL -Y DIGEST-MD5 -U ldapadmin -w *** -b
"ou=Users,dc=hh,dc=supported,dc=de" -s sub "cn=ldapadmin" '*'
ldap_initialize( ldap://localhost:10389 )
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Internal (implementation specific) error
(80)
additional info: SASL(-1): generic failure:
Any idea? Thanks!
Btw: I've duplicated this setup on a Debian box. On that one everything
works...
Cheers, Ralph