Rich,<br><br><br>ldapsearch -v -h 192.168.122.142 -s sub -U uid:fhornain,ou=People,dc=example,dc=com -b "dc=example,dc=com" -Y DIGEST-MD5<br>ldap_initialize( ldap://<a href="http://192.168.122.142">192.168.122.142</a> )<br>
SASL/DIGEST-MD5 authentication started<br>Please enter your password: <br>ldap_sasl_interactive_bind_s: Invalid credentials (49)<br> additional info: SASL(-14): authorization failure: unable canonify user and get auxprops<br>
<br>On the client side :<br><br>[26/Oct/2010:18:15:17 +0200] conn=209 fd=73 slot=73 connection from 192.168.122.94 to 192.168.122.142<br>[26/Oct/2010:18:15:17 +0200] conn=209 op=0 BIND dn="" method=sasl version=3 mech=DIGEST-MD5<br>
[26/Oct/2010:18:15:17 +0200] conn=209 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress<br>[26/Oct/2010:18:15:23 +0200] conn=209 op=1 BIND dn="" method=sasl version=3 mech=DIGEST-MD5<br>[26/Oct/2010:18:15:23 +0200] conn=209 op=1 RESULT err=49 tag=97 nentries=0 etime=0<br>
[26/Oct/2010:18:15:23 +0200] conn=209 op=-1 fd=73 closed - B1<br><br>BR<br>Frederic ;)<br><br><div class="gmail_quote">On Tue, Oct 26, 2010 at 5:55 PM, Rich Megginson <span dir="ltr"><<a href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div class="im">Frederic Hornain wrote:<br>
> Dear Rich,<br>
><br>
</div><div class="im">> Unfortunately, it does not work.<br>
<br>
> Could I ask you to do a test on your default RHDS to see if that works ?<br>
</div>I know that DIGEST-MD5 does work.<br>
<div class="im">> If it works then could you provide me the corresponding openldapsearch<br>
> command ?<br>
</div>Can you provide excerpts from your access log showing the failed bind<br>
attempt?<br>
<div class="im">> Thanks for your help.<br>
><br>
> BR<br>
> Frederic ;)<br>
><br>
> On Tue, Oct 26, 2010 at 5:21 PM, Rich Megginson <<a href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>> wrote:<br>
</div><div class="im">
><br>
> Frederic Hornain wrote:<br>
> > Dear Rich,<br>
> ><br>
> > It is in clear text mode.<br>
> ><br>
> > BR<br>
> > Fred ;)<br>
> ><br>
> > On Tue, Oct 26, 2010 at 5:07 PM, Rich Megginson <<a href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>> wrote:<br>
</div><div><div></div><div class="h5">
> ><br>
> > Frederic Hornain wrote:<br>
> > > Dear *,<br>
> > ><br>
> > > How can I configure the Directory server in order to use SASL<br>
> > > DIGEST-MD5 with ldapsearch and without error messages?<br>
> ><br>
> <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/SASL.html#Introduction_to_SASL-Authentication_Mechanisms" target="_blank">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/SASL.html#Introduction_to_SASL-Authentication_Mechanisms</a><br>
> ><br>
> > SASL/DIGEST-MD5 requires that the userPassword is in clear text.<br>
> > ><br>
> > > ldapsearch -W -h xxx.xxx.xxx.xxx -U username -b<br>
> > "dc=example,dc=com" -Y<br>
> ><br>
><br>
> The username must be in the form of "uid:username" or<br>
> "dn:uid=username,ou=people,...suffix..."<br>
> Also try -X instead of -U<br>
> ><br>
> > > DIGEST-MD5<br>
> > > Enter LDAP Password : xxxxx<br>
> > > SASL/DIGEST-MD5 authentication started<br>
> > > ldap_sasl_interactive_bind_s: Invalid credentials (49)<br>
> > > additional info: SASL(-14): authorization failure: unable<br>
> canonify<br>
> > > user and get auxprops<br>
> > ><br>
> > ><br>
> > > Thanks in advance for your help and your time.<br>
> > ><br>
> > > BR<br>
> > > Frederic ;)<br>
> > ><br>
> > > -----------------------------------------------------<br>
> > > Fedora-ambassadors-list mailing list<br>
> > > <a href="mailto:Fedora-ambassadors-list@redhat.com">Fedora-ambassadors-list@redhat.com</a><br>
> > ><br>
> ><br>
> ------------------------------------------------------------------------<br>
> > ><br>
> > > --<br>
> > > 389 users mailing list<br>
> > > <a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>
> > > <a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> > --<br>
> > -----------------------------------------------------<br>
> > Fedora-ambassadors-list mailing list<br>
> > <a href="mailto:Fedora-ambassadors-list@redhat.com">Fedora-ambassadors-list@redhat.com</a><br>
> > Olpc mailing list<br>
> > <a href="mailto:olpc-open@laptop.org">olpc-open@laptop.org</a><br>
</div></div>
<div><div></div><div class="h5">> ><br>
<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>-----------------------------------------------------<br>Fedora-ambassadors-list mailing list<br><a href="mailto:Fedora-ambassadors-list@redhat.com">Fedora-ambassadors-list@redhat.com</a><br>
Olpc mailing list<br><a href="mailto:olpc-open@laptop.org">olpc-open@laptop.org</a><br>
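Added example, not part of the original thread or of the 389 Directory Server project: a small Python triage script for the access-log excerpt posted above. It pairs each BIND with its RESULT by conn/op, treats err=14 as a normal intermediate SASL step, and reports only binds that end in err=49, attributing them to the source address from the connection line because a SASL BIND line logs dn="". The function and field names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Access-log lines copied from the post above (389 DS / RHDS access log format).
SAMPLE_LOG = """\
[26/Oct/2010:18:15:17 +0200] conn=209 fd=73 slot=73 connection from 192.168.122.94 to 192.168.122.142
[26/Oct/2010:18:15:17 +0200] conn=209 op=0 BIND dn="" method=sasl version=3 mech=DIGEST-MD5
[26/Oct/2010:18:15:17 +0200] conn=209 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[26/Oct/2010:18:15:23 +0200] conn=209 op=1 BIND dn="" method=sasl version=3 mech=DIGEST-MD5
[26/Oct/2010:18:15:23 +0200] conn=209 op=1 RESULT err=49 tag=97 nentries=0 etime=0
[26/Oct/2010:18:15:23 +0200] conn=209 op=-1 fd=73 closed - B1
"""

LINE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$')
CONNECT = re.compile(r'connection from (?P<src>\S+) to \S+')
BIND = re.compile(r'^op=(?P<op>\d+) BIND dn="(?P<dn>[^"]*)" '
                  r'method=(?P<method>\S+)(?:.* mech=(?P<mech>\S+))?')
RESULT = re.compile(r'^op=(?P<op>\d+) RESULT err=(?P<err>\d+)')

SASL_BIND_IN_PROGRESS = 14   # intermediate challenge/response step, not a failure
INVALID_CREDENTIALS = 49     # final bind failure


def failed_binds(log_text):
    """Return one record per bind operation that ended in err=49."""
    source = {}                    # conn -> client address
    binds = {}                     # (conn, op) -> parsed BIND fields
    round_trips = defaultdict(int)  # conn -> number of err=14 steps seen
    failures = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        conn, rest = m['conn'], m['rest']
        if (c := CONNECT.search(rest)):
            source[conn] = c['src']
        elif (b := BIND.match(rest)):
            binds[(conn, b['op'])] = b.groupdict()
        elif (r := RESULT.match(rest)) and (conn, r['op']) in binds:
            err = int(r['err'])
            if err == SASL_BIND_IN_PROGRESS:
                round_trips[conn] += 1
            elif err == INVALID_CREDENTIALS:
                bind = binds[(conn, r['op'])]
                failures.append({
                    'time': m['ts'], 'conn': conn, 'src': source.get(conn),
                    'dn': bind['dn'], 'mech': bind['mech'],
                    'sasl_round_trips': round_trips[conn],
                })
    return failures
```

Run over a full access log, grouping the returned records by 'src' and 'mech' separates a single misconfigured client like this one from repeated failures across many connections.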