<div>Dear *,</div>
<div> </div>
<div>I think I found the solution.</div>
<div> </div>
<div>Indeed, you were all right !</div>
<div> </div>
<div>The correct command yith the Openldap ldapsearch command is :</div>
<div> </div>
<div>ldapsearch -v -h 192.168.122.142 -p 389 -s base -U "dn:uid=fhornain,ou=People,dc=example,dc=com" -b "dc=example,dc=com" -Y DIGEST-MD5<br></div>
<div>But you need to have the password of the user - here fhornain in clear mode text on the LDAP server - and be sure that your LDAP Server accept DIGEST-MD5 mechanism.</div>
<div> </div>
<div>In order to check that, type the folloying command :</div>
<div> </div>
<div>ldapsearch -x -LLL -h 192.168.122.142 -p 389 -b "" -s base -D "cn=Directory Manager" -w ThePassword objectclass=* supportedSASLMechanisms</div>
<div> </div>
<div> </div>
<div>If you have something like :</div>
<div> </div>
<div>dn :</div>
<div>supportedSASLMechanisms: DIGEST-MD5<br></div>
<div> </div>
<div>Then it is OK.</div>
<div> </div>
<div> </div>
<div>Finally, my problem was due to the fact that I did "uid=fhornain,ou=People,dc=example,dc=com" instead of "dn:uid=fhornain,ou=People,dc=example,dc=com".</div>
<div> </div>
<div>Sorry for that and Many thanks for your great help.</div>
<div> </div>
<div>BR</div>
<div>Frederic ;)<br></div>
<div> </div>
<div> </div>
<div> </div>
<div> </div>
<div><br><br> </div>
<div class="gmail_quote">On Wed, Oct 27, 2010 at 12:01 AM, Marc Sauton <span dir="ltr"><<a href="mailto:msauton@redhat.com">msauton@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div text="#000000" bgcolor="#ffffff">-U fhornain<br>?
<div>
<div></div>
<div class="h5"><br><br>On 10/26/2010 02:28 PM, Frederic Hornain wrote:
<blockquote type="cite">Rich,<br>I tried with<br>-U "u:fhornain"<br>or<br>-U "dn:uid=fhornain,ou=People,dc=example,dc=com"<br><br>I still have the same problem.<br><br>Thanks for your help<br>BR<br>Frederic ;)<br>
<br><br>
<div class="gmail_quote">On Tue, Oct 26, 2010 at 6:40 PM, Rich Megginson <span dir="ltr"><<a href="mailto:rmeggins@redhat.com" target="_blank">rmeggins@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0pt 0pt 0pt 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<div>Frederic Hornain wrote:<br>> Dear Patrick,<br>><br>> ldapsearch -v -h 192.168.122.142 -s sub -U<br>> "dn:uidfhornain,ou=People,dc=example,dc=com" -b "dc=example,dc=com" -Y<br>> DIGEST-MD5<br>
</div>use either<br>-U "u:fhornain"<br>or<br>-U "dn:uid=fhornain,ou=People,dc=example,dc=com"<br><br>> ldap_initialize( <a>ldap://</a><a href="http://192.168.122.142/" target="_blank">192.168.122.142</a> <<a href="http://192.168.122.142/" target="_blank">http://192.168.122.142</a>> )<br>
<div>> SASL/DIGEST-MD5 authentication started<br>> Please enter your password:<br>> ldap_sasl_interactive_bind_s: Invalid credentials (49)<br>> additional info: SASL(-14): authorization failure: unable canonify<br>
> user and get auxprops<br>><br>><br>> Thanks for you help, I appreciate.<br>><br>> BR<br>> Frederic ;)<br>><br>> 2010/10/26 Morris, Patrick <<a href="mailto:patrick.morris@hp.com" target="_blank">patrick.morris@hp.com</a><br>
</div>> <mailto:<a href="mailto:patrick.morris@hp.com" target="_blank">patrick.morris@hp.com</a>>><br>
<div>><br>> On 10/26/2010 9:14 AM, Frederic Hornain wrote:<br>>> Rich,<br>>><br>>><br>>> ldapsearch -v -h 192.168.122.142 -s sub -U<br>>> uid:fhornain,ou=People,dc=example,dc=com -b "dc=example,dc=com"<br>
>> -Y DIGEST-MD5<br></div>>> ldap_initialize( <a>ldap://</a><a href="http://192.168.122.142/" target="_blank">192.168.122.142</a> <<a href="http://192.168.122.142/" target="_blank">http://192.168.122.142</a>> )<br>
<div>>> SASL/DIGEST-MD5 authentication started<br>>> Please enter your password:<br>>> ldap_sasl_interactive_bind_s: Invalid credentials (49)<br>>> additional info: SASL(-14): authorization failure: unable<br>
>> canonify user and get auxprops<br>><br>> "uid:fhornain,ou=People,dc=example,dc=com"<br>><br>> If you use the "uid:" syntax, it should be followed by a uid, not<br>> a dn. Or you can use the "dn:" syntax if you want to use a dn.<br>
><br>> You may have other things going on here, but the way you've<br>> specified the user definitely isn't going to work.<br>><br>> --<br>> 389 users mailing list<br>> <a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a><br>
</div>> <mailto:<a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a>><br>
<div>> <a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br>><br>><br>><br>><br>> --<br>> -----------------------------------------------------<br>
> Fedora-ambassadors-list mailing list<br>> <a href="mailto:Fedora-ambassadors-list@redhat.com" target="_blank">Fedora-ambassadors-list@redhat.com</a><br></div>> <mailto:<a href="mailto:Fedora-ambassadors-list@redhat.com" target="_blank">Fedora-ambassadors-list@redhat.com</a>><br>
> Olpc mailing list<br>
<div>> <a href="mailto:olpc-open@laptop.org" target="_blank">olpc-open@laptop.org</a> <mailto:<a href="mailto:olpc-open@laptop.org" target="_blank">olpc-open@laptop.org</a>><br></div>> ------------------------------------------------------------------------<br>
<div>
<div>><br>> --<br>> 389 users mailing list<br>> <a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a><br>> <a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br>
<br>--<br>389 users mailing list<br><a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a><br><a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>-----------------------------------------------------<br>Fedora-ambassadors-list mailing list<br><a href="mailto:Fedora-ambassadors-list@redhat.com" target="_blank">Fedora-ambassadors-list@redhat.com</a><br>
Olpc mailing list<br><a href="mailto:olpc-open@laptop.org" target="_blank">olpc-open@laptop.org</a><br><pre><fieldset></fieldset>
--
389 users mailing list
<a href="mailto:389-users@lists.fedoraproject.org" target="_blank">389-users@lists.fedoraproject.org</a>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre></blockquote><br></div></div></div></blockquote></div><br><br clear="all">
<br>-- <br>-----------------------------------------------------<br>Fedora-ambassadors-list mailing list<br><a href="mailto:Fedora-ambassadors-list@redhat.com">Fedora-ambassadors-list@redhat.com</a><br>Olpc mailing list<br>
<a href="mailto:olpc-open@laptop.org">olpc-open@laptop.org</a><br>