Rich,<br><br><br>ldapsearch -v -h 192.168.122.142 -s sub -U uid:fhornain,ou=People,dc=example,dc=com -b &quot;dc=example,dc=com&quot; -Y DIGEST-MD5<br>ldap_initialize( ldap://192.168.122.142 )<br>
SASL/DIGEST-MD5 authentication started<br>Please enter your password: <br>ldap_sasl_interactive_bind_s: Invalid credentials (49)<br>    additional info: SASL(-14): authorization failure: unable canonify user and get auxprops<br>
<br>On the client side :<br><br>[26/Oct/2010:18:15:17 +0200] conn=209 fd=73 slot=73 connection from 192.168.122.94 to 192.168.122.142<br>[26/Oct/2010:18:15:17 +0200] conn=209 op=0 BIND dn=&quot;&quot; method=sasl version=3 mech=DIGEST-MD5<br>
[26/Oct/2010:18:15:17 +0200] conn=209 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress<br>[26/Oct/2010:18:15:23 +0200] conn=209 op=1 BIND dn=&quot;&quot; method=sasl version=3 mech=DIGEST-MD5<br>[26/Oct/2010:18:15:23 +0200] conn=209 op=1 RESULT err=49 tag=97 nentries=0 etime=0<br>
[26/Oct/2010:18:15:23 +0200] conn=209 op=-1 fd=73 closed - B1<br><br>BR<br>Frederic ;)<br><br><div class="gmail_quote">On Tue, Oct 26, 2010 at 5:55 PM, Rich Megginson <span dir="ltr">&lt;<a href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div class="im">Frederic Hornain wrote:<br>
&gt; Dear Rich,<br>
&gt;<br>
</div><div class="im">&gt; Unfortunatly, it does not work.<br>
<br>
&gt; Could I ask you to do a test on your default RHDS to see if that works ?<br>
</div>I know that DIGEST-MD5 does work.<br>
<div class="im">&gt; If it works then could you provide me the corresponding openldapsearch<br>
&gt; command ?<br>
</div>Can you provide excerpts from your access log showing the failed bind<br>
attempt?<br>
<div class="im">&gt; Thanks for your help.<br>
&gt;<br>
&gt; BR<br>
&gt; Frederic ;)<br>
&gt;<br>
&gt; On Tue, Oct 26, 2010 at 5:21 PM, Rich Megginson &lt;<a href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>&gt; wrote:<br>
</div><div class="im">
&gt;<br>
&gt;     Frederic Hornain wrote:<br>
&gt;     &gt; Dear Rich,<br>
&gt;     &gt;<br>
&gt;     &gt; It is in clear text mode.<br>
&gt;     &gt;<br>
&gt;     &gt; BR<br>
&gt;     &gt; Fred ;)<br>
&gt;     &gt;<br>
&gt;     &gt; On Tue, Oct 26, 2010 at 5:07 PM, Rich Megginson &lt;<a href="mailto:rmeggins@redhat.com">rmeggins@redhat.com</a>&gt; wrote:<br>
</div><div><div></div><div class="h5">
&gt;     &gt;<br>
&gt;     &gt;     Frederic Hornain wrote:<br>
&gt;     &gt;     &gt; Dear *,<br>
&gt;     &gt;     &gt;<br>
&gt;     &gt;     &gt; How can I configure the Directory server in order to use  SASL<br>
&gt;     &gt;     &gt; DIGEST-MD5 with ldapsearch and without error messages?<br>
&gt;     &gt;<br>
&gt;     <a href="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/SASL.html#Introduction_to_SASL-Authentication_Mechanisms" target="_blank">http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/SASL.html#Introduction_to_SASL-Authentication_Mechanisms</a><br>

&gt;     &gt;<br>
&gt;     &gt;     SASL/DIGEST-MD5 requires that the userPassword is in clear text.<br>
&gt;     &gt;     &gt;<br>
&gt;     &gt;     &gt; ldapsearch -W -h xxx.xxx.xxx.xxx -U username -b<br>
&gt;     &gt;     &quot;dc=example,dc=com&quot; -Y<br>
&gt;     &gt;<br>
&gt;<br>
&gt;     The username must be in the form of &quot;uid:username&quot; or<br>
&gt;     &quot;dn:uid=username,ou=people,...suffix...&quot;<br>
&gt;     Also try -X instead of -U<br>
&gt;     &gt;<br>
&gt;     &gt;     &gt; DIGEST-MD5<br>
&gt;     &gt;     &gt; Enter LDAP Password : xxxxx<br>
&gt;     &gt;     &gt; SASL/DIGEST-MD5 authentication started<br>
&gt;     &gt;     &gt; ldap_sasl_interactive_bind_s: Invalid credentials (49)<br>
&gt;     &gt;     &gt; additional info: SASL(-14): authorization failure: unable<br>
&gt;     canonify<br>
&gt;     &gt;     &gt; user and get auxprops<br>
&gt;     &gt;     &gt;<br>
&gt;     &gt;     &gt;<br>
&gt;     &gt;     &gt; Thanks in advance for your help and your time.<br>
&gt;     &gt;     &gt;<br>
&gt;     &gt;     &gt; BR<br>
&gt;     &gt;     &gt; Frederic ;)<br>
&gt;     &gt;     &gt;<br>
&gt;     &gt;     &gt; -----------------------------------------------------<br>
&gt;     &gt;     &gt; Fedora-ambassadors-list mailing list<br>
&gt;     &gt;     &gt; <a href="mailto:Fedora-ambassadors-list@redhat.com">Fedora-ambassadors-list@redhat.com</a><br>
&gt;     &lt;mailto:<a href="mailto:Fedora-ambassadors-list@redhat.com">Fedora-ambassadors-list@redhat.com</a>&gt;<br>
&gt;     &gt;     &lt;mailto:<a href="mailto:Fedora-ambassadors-list@redhat.com">Fedora-ambassadors-list@redhat.com</a><br>
&gt;     &lt;mailto:<a href="mailto:Fedora-ambassadors-list@redhat.com">Fedora-ambassadors-list@redhat.com</a>&gt;&gt;<br>
&gt;     &gt;     &gt; &lt;mailto:<a href="mailto:Fedora-ambassadors-list@redhat.com">Fedora-ambassadors-list@redhat.com</a><br>
&gt;     &lt;mailto:<a href="mailto:Fedora-ambassadors-list@redhat.com">Fedora-ambassadors-list@redhat.com</a>&gt;<br>
&gt;     &gt;     &lt;mailto:<a href="mailto:Fedora-ambassadors-list@redhat.com">Fedora-ambassadors-list@redhat.com</a><br>
&gt;     &lt;mailto:<a href="mailto:Fedora-ambassadors-list@redhat.com">Fedora-ambassadors-list@redhat.com</a>&gt;&gt;&gt;<br>
&gt;     &gt;     &gt;<br>
&gt;     &gt;<br>
&gt;     ------------------------------------------------------------------------<br>
&gt;     &gt;     &gt;<br>
&gt;     &gt;     &gt; --<br>
&gt;     &gt;     &gt; 389 users mailing list<br>
&gt;     &gt;     &gt; <a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>
&gt;     &lt;mailto:<a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>&gt;<br>
&gt;     &gt;     &lt;mailto:<a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>
&gt;     &lt;mailto:<a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>&gt;&gt;<br>
&gt;     &gt;     &gt; <a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br>
&gt;     &gt;<br>
&gt;     &gt; --<br>
&gt;     &gt; Olpc mailing list<br>
&gt;     &gt; <a href="mailto:olpc-open@laptop.org">olpc-open@laptop.org</a> &lt;mailto:<a href="mailto:olpc-open@laptop.org">olpc-open@laptop.org</a>&gt;<br>
</div></div>&gt;     &lt;mailto:<a href="mailto:olpc-open@laptop.org">olpc-open@laptop.org</a> &lt;mailto:<a href="mailto:olpc-open@laptop.org">olpc-open@laptop.org</a>&gt;&gt;<br>
<div><div></div><div class="h5">&gt;     &gt;<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>-----------------------------------------------------<br>Fedora-ambassadors-list mailing list<br><a href="mailto:Fedora-ambassadors-list@redhat.com">Fedora-ambassadors-list@redhat.com</a><br>
Olpc mailing list<br><a href="mailto:olpc-open@laptop.org">olpc-open@laptop.org</a><br>
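Added example (not part of the original thread and not 389 Directory Server code): a small Python parser that pairs the BIND and RESULT lines of the access-log excerpt in the message above, showing the two-round DIGEST-MD5 exchange, err=14 (saslBindInProgress, the server's challenge) followed by err=49 (invalidCredentials). The function and field names are illustrative assumptions; the log lines are copied from the message.

```python
import re
from collections import defaultdict

# LDAP result codes seen in the thread's log (names from RFC 4511).
RESULT_NAMES = {0: "success", 14: "saslBindInProgress", 49: "invalidCredentials"}

# Access-log lines copied from the message above.
SAMPLE_LOG = """\
[26/Oct/2010:18:15:17 +0200] conn=209 fd=73 slot=73 connection from 192.168.122.94 to 192.168.122.142
[26/Oct/2010:18:15:17 +0200] conn=209 op=0 BIND dn="" method=sasl version=3 mech=DIGEST-MD5
[26/Oct/2010:18:15:17 +0200] conn=209 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[26/Oct/2010:18:15:23 +0200] conn=209 op=1 BIND dn="" method=sasl version=3 mech=DIGEST-MD5
[26/Oct/2010:18:15:23 +0200] conn=209 op=1 RESULT err=49 tag=97 nentries=0 etime=0
[26/Oct/2010:18:15:23 +0200] conn=209 op=-1 fd=73 closed - B1
"""

LINE = re.compile(r"^\[[^\]]+\] conn=(\d+) (.*)$")
CONNECT = re.compile(r"connection from (\S+) to \S+")
BIND = re.compile(r"op=(\d+) BIND .*method=sasl.*mech=(\S+)")
RESULT = re.compile(r"op=(\d+) RESULT err=(\d+) tag=97")  # tag=97 is a BindResponse

def sasl_bind_outcomes(log_text):
    """Pair SASL BIND ops with their RESULT lines, one record per exchange."""
    clients, sasl_ops = {}, {}          # conn -> client IP, (conn, op) -> mech
    exchanges = defaultdict(list)       # conn -> [{"mech": ..., "errs": [...]}]
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        conn, rest = int(m.group(1)), m.group(2)
        if c := CONNECT.search(rest):
            clients[conn] = c.group(1)
        elif b := BIND.search(rest):
            sasl_ops[(conn, int(b.group(1)))] = b.group(2)
        elif (r := RESULT.search(rest)) and (conn, int(r.group(1))) in sasl_ops:
            ex = exchanges[conn]
            # err=14 means another round follows; anything else ended the exchange.
            if not ex or ex[-1]["errs"][-1] != 14:
                ex.append({"mech": sasl_ops[(conn, int(r.group(1)))], "errs": []})
            ex[-1]["errs"].append(int(r.group(2)))
    records = []
    for conn, ex_list in exchanges.items():
        for ex in ex_list:
            last = ex["errs"][-1]
            verdict = "success" if last == 0 else "incomplete" if last == 14 else "failed"
            records.append({"conn": conn, "client": clients.get(conn), "mech": ex["mech"],
                            "steps": [RESULT_NAMES.get(e, f"err={e}") for e in ex["errs"]],
                            "verdict": verdict})
    return records
```

Calling `sasl_bind_outcomes(SAMPLE_LOG)` returns a single record for conn=209 from 192.168.122.94 with verdict "failed"; grouping such records by client address gives a per-source count of failed SASL binds.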