Dear *,
I think I found the solution.
Indeed, you were all right !
The correct command yith the Openldap ldapsearch command is :
ldapsearch -v -h 192.168.122.142 -p 389 -s base -U "dn:uid=fhornain,ou=People,dc=example,dc=com" -b "dc=example,dc=com" -Y DIGEST-MD5 But you need to have the password of the user - here fhornain in clear mode text on the LDAP server - and be sure that your LDAP Server accept DIGEST-MD5 mechanism.
In order to check that, type the folloying command :
ldapsearch -x -LLL -h 192.168.122.142 -p 389 -b "" -s base -D "cn=Directory Manager" -w ThePassword objectclass=* supportedSASLMechanisms
If you have something like :
dn : supportedSASLMechanisms: DIGEST-MD5
Then it is OK.
Finally, my problem was due to the fact that I did "uid=fhornain,ou=People,dc=example,dc=com" instead of "dn:uid=fhornain,ou=People,dc=example,dc=com".
Sorry for that and Many thanks for your great help.
BR Frederic ;)
On Wed, Oct 27, 2010 at 12:01 AM, Marc Sauton msauton@redhat.com wrote:
-U fhornain ?
On 10/26/2010 02:28 PM, Frederic Hornain wrote:
Rich, I tried with -U "u:fhornain" or -U "dn:uid=fhornain,ou=People,dc=example,dc=com"
I still have the same problem.
Thanks for your help BR Frederic ;)
On Tue, Oct 26, 2010 at 6:40 PM, Rich Megginson rmeggins@redhat.comwrote:
Frederic Hornain wrote:
Dear Patrick,
ldapsearch -v -h 192.168.122.142 -s sub -U "dn:uidfhornain,ou=People,dc=example,dc=com" -b "dc=example,dc=com" -Y DIGEST-MD5
use either -U "u:fhornain" or -U "dn:uid=fhornain,ou=People,dc=example,dc=com"
ldap_initialize( ldap://192.168.122.142 http://192.168.122.142 ) SASL/DIGEST-MD5 authentication started Please enter your password: ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-14): authorization failure: unable canonify user and get auxprops
Thanks for you help, I appreciate.
BR Frederic ;)
2010/10/26 Morris, Patrick <patrick.morris@hp.com mailto:patrick.morris@hp.com>
On 10/26/2010 9:14 AM, Frederic Hornain wrote:
Rich, ldapsearch -v -h 192.168.122.142 -s sub -U uid:fhornain,ou=People,dc=example,dc=com -b "dc=example,dc=com" -Y DIGEST-MD5 ldap_initialize( ldap://192.168.122.142 <http://192.168.122.142> ) SASL/DIGEST-MD5 authentication started Please enter your password: ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-14): authorization failure: unable canonify user and get auxprops
"uid:fhornain,ou=People,dc=example,dc=com" If you use the "uid:" syntax, it should be followed by a uid, not a dn. Or you can use the "dn:" syntax if you want to use a dn. You may have other things going on here, but the way you've specified the user definitely isn't going to work. -- 389 users mailing list 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Fedora-ambassadors-list mailing list Fedora-ambassadors-list@redhat.com mailto:Fedora-ambassadors-list@redhat.com Olpc mailing list olpc-open@laptop.org mailto:olpc-open@laptop.org
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
--
Fedora-ambassadors-list mailing list Fedora-ambassadors-list@redhat.com Olpc mailing list olpc-open@laptop.org
-- 389 users mailing list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users