Dear *,
How can I configure the Directory server in order to use SASL DIGEST-MD5 with ldapsearch and without error messages?

ldapsearch -W -h xxx.xxx.xxx.xxx -U username -b "dc=example,dc=com" -Y DIGEST-MD5
Enter LDAP Password : xxxxx
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-14): authorization failure: unable canonify user and get auxprops

Thanks in advance for your help and your time.
BR Frederic ;)
----------------------------------------------------- Fedora-ambassadors-list mailing list Fedora-ambassadors-list@redhat.com
Frederic Hornain wrote:
> Dear *,
> How can I configure the Directory server in order to use SASL DIGEST-MD5 with ldapsearch and without error messages?

http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/SASL.html#Introduction_to_SASL-Authentication_Mechanisms

SASL/DIGEST-MD5 requires that the userPassword is in clear text.
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
Dear Rich,
It is in clear text mode.
BR Fred ;)
On Tue, Oct 26, 2010 at 5:07 PM, Rich Megginson rmeggins@redhat.com wrote:
> SASL/DIGEST-MD5 requires that the userPassword is in clear text.
Frederic Hornain wrote:
> Dear Rich,
> It is in clear text mode.
>
> ldapsearch -W -h xxx.xxx.xxx.xxx -U username -b "dc=example,dc=com" -Y DIGEST-MD5

The username must be in the form of "uid:username" or "dn:uid=username,ou=people,...suffix..."
Also try -X instead of -U

> Enter LDAP Password : xxxxx
> SASL/DIGEST-MD5 authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> additional info: SASL(-14): authorization failure: unable canonify user and get auxprops
Dear Rich,
Unfortunately, it does not work. Could I ask you to do a test on your default RHDS to see if that works? If it works then could you provide me the corresponding openldapsearch command? Thanks for your help.
BR Frederic ;)
On Tue, Oct 26, 2010 at 5:21 PM, Rich Megginson rmeggins@redhat.com wrote:
> The username must be in the form of "uid:username" or "dn:uid=username,ou=people,...suffix..."
> Also try -X instead of -U
Frederic Hornain wrote:
> Dear Rich,
> Unfortunately, it does not work.
> Could I ask you to do a test on your default RHDS to see if that works?

I know that DIGEST-MD5 does work.

> If it works then could you provide me the corresponding openldapsearch command?

Can you provide excerpts from your access log showing the failed bind attempt?

> Thanks for your help.
> BR Frederic ;)
Rich,
ldapsearch -v -h 192.168.122.142 -s sub -U uid:fhornain,ou=People,dc=example,dc=com -b "dc=example,dc=com" -Y DIGEST-MD5
ldap_initialize( ldap://192.168.122.142 )
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-14): authorization failure: unable canonify user and get auxprops

On the client side:

[26/Oct/2010:18:15:17 +0200] conn=209 fd=73 slot=73 connection from 192.168.122.94 to 192.168.122.142
[26/Oct/2010:18:15:17 +0200] conn=209 op=0 BIND dn="" method=sasl version=3 mech=DIGEST-MD5
[26/Oct/2010:18:15:17 +0200] conn=209 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[26/Oct/2010:18:15:23 +0200] conn=209 op=1 BIND dn="" method=sasl version=3 mech=DIGEST-MD5
[26/Oct/2010:18:15:23 +0200] conn=209 op=1 RESULT err=49 tag=97 nentries=0 etime=0
[26/Oct/2010:18:15:23 +0200] conn=209 op=-1 fd=73 closed - B1

BR Frederic ;)
On Tue, Oct 26, 2010 at 5:55 PM, Rich Megginson rmeggins@redhat.com wrote:
> Can you provide excerpts from your access log showing the failed bind attempt?
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
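The access-log excerpt in the message above shows the two-round SASL exchange: err=14 (saslBindInProgress) answers the first BIND, and err=49 (invalidCredentials) rejects the second. As an added example that is not part of the original thread, this Python code pairs each SASL BIND with its RESULT per connection and lists the connections whose bind failed; the conn=210 lines and all function names are constructed for illustration.

```python
import re

# conn=209 lines are the excerpt posted in the thread; conn=210 is constructed
# here to show a successful DIGEST-MD5 bind for comparison.
SAMPLE_LOG = """\
[26/Oct/2010:18:15:17 +0200] conn=209 fd=73 slot=73 connection from 192.168.122.94 to 192.168.122.142
[26/Oct/2010:18:15:17 +0200] conn=209 op=0 BIND dn="" method=sasl version=3 mech=DIGEST-MD5
[26/Oct/2010:18:15:17 +0200] conn=209 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[26/Oct/2010:18:15:23 +0200] conn=209 op=1 BIND dn="" method=sasl version=3 mech=DIGEST-MD5
[26/Oct/2010:18:15:23 +0200] conn=209 op=1 RESULT err=49 tag=97 nentries=0 etime=0
[26/Oct/2010:18:15:23 +0200] conn=209 op=-1 fd=73 closed - B1
[26/Oct/2010:18:20:01 +0200] conn=210 fd=74 slot=74 connection from 192.168.122.94 to 192.168.122.142
[26/Oct/2010:18:20:01 +0200] conn=210 op=0 BIND dn="" method=sasl version=3 mech=DIGEST-MD5
[26/Oct/2010:18:20:01 +0200] conn=210 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[26/Oct/2010:18:20:05 +0200] conn=210 op=1 BIND dn="" method=sasl version=3 mech=DIGEST-MD5
[26/Oct/2010:18:20:05 +0200] conn=210 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=fhornain,ou=people,dc=example,dc=com"
"""

LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?:op=(?P<op>-?\d+) )?(?P<rest>.*)$')
CONNECT_RE = re.compile(r'connection from (?P<src>\S+) to (?P<dst>\S+)')
BIND_RE = re.compile(
    r'^BIND dn="(?P<dn>[^"]*)" method=(?P<method>\S+) version=\d+(?: mech=(?P<mech>\S+))?')
RESULT_RE = re.compile(r'^RESULT err=(?P<err>\d+) tag=(?P<tag>\d+)')

SASL_BIND_IN_PROGRESS = 14   # LDAP result code: server sent a challenge
BIND_RESPONSE_TAG = 97       # 0x61, the BindResponse protocol op


def sasl_bind_outcomes(log_text):
    """Return one summary dict per connection that attempted a SASL bind."""
    clients = {}    # conn -> client address from the "connection from" line
    pending = {}    # (conn, op) -> mechanism of a BIND still awaiting RESULT
    outcomes = {}   # conn -> summary, in order of first appearance
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        conn, op, rest = int(m["conn"]), m["op"], m["rest"]
        connect = CONNECT_RE.search(rest)
        if connect:
            clients[conn] = connect["src"]
            continue
        bind = BIND_RE.match(rest)
        if bind and bind["method"] == "sasl":
            pending[(conn, op)] = bind["mech"]
            continue
        result = RESULT_RE.match(rest)
        if (result and (conn, op) in pending
                and int(result["tag"]) == BIND_RESPONSE_TAG):
            mech = pending.pop((conn, op))
            entry = outcomes.setdefault(conn, {
                "conn": conn, "client": clients.get(conn), "mech": mech,
                "rounds": 0, "err": None, "time": None})
            entry["rounds"] += 1
            err = int(result["err"])
            if err != SASL_BIND_IN_PROGRESS:
                # Final answer of the exchange: 0 is success, 49 is a rejection.
                entry["err"] = err
                entry["time"] = m["ts"]
    return list(outcomes.values())


def failed_sasl_binds(log_text):
    """Connections whose SASL exchange ended with a non-zero result code."""
    return [o for o in sasl_bind_outcomes(log_text) if o["err"] not in (None, 0)]


if __name__ == "__main__":
    for o in failed_sasl_binds(SAMPLE_LOG):
        print(f'{o["time"]} conn={o["conn"]} client={o["client"]} '
              f'mech={o["mech"]} err={o["err"]} after {o["rounds"]} round(s)')
```

A failure on the second round, as on conn=209, means the server issued its challenge and then rejected the client's response, so the mechanism itself is enabled and the identity or stored password is what to check.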
On 10/26/2010 9:14 AM, Frederic Hornain wrote:
> Rich,
> ldapsearch -v -h 192.168.122.142 -s sub -U uid:fhornain,ou=People,dc=example,dc=com -b "dc=example,dc=com" -Y DIGEST-MD5
> ldap_initialize( ldap://192.168.122.142 )
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> additional info: SASL(-14): authorization failure: unable canonify user and get auxprops

"uid:fhornain,ou=People,dc=example,dc=com"
If you use the "uid:" syntax, it should be followed by a uid, not a dn. Or you can use the "dn:" syntax if you want to use a dn.
You may have other things going on here, but the way you've specified the user definitely isn't going to work.
Dear Patrick,
ldapsearch -v -h 192.168.122.142 -s sub -U "dn:uidfhornain,ou=People,dc=example,dc=com" -b "dc=example,dc=com" -Y DIGEST-MD5
ldap_initialize( ldap://192.168.122.142 )
SASL/DIGEST-MD5 authentication started
Please enter your password:
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: SASL(-14): authorization failure: unable canonify user and get auxprops

Thanks for your help, I appreciate it.
BR Frederic ;)
2010/10/26 Morris, Patrick patrick.morris@hp.com
> If you use the "uid:" syntax, it should be followed by a uid, not a dn. Or you can use the "dn:" syntax if you want to use a dn.
Frederic Hornain wrote:
> Dear Patrick,
> ldapsearch -v -h 192.168.122.142 -s sub -U "dn:uidfhornain,ou=People,dc=example,dc=com" -b "dc=example,dc=com" -Y DIGEST-MD5

use either -U "u:fhornain" or -U "dn:uid=fhornain,ou=People,dc=example,dc=com"

> ldap_initialize( ldap://192.168.122.142 )
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> additional info: SASL(-14): authorization failure: unable canonify user and get auxprops
>
> Thanks for your help, I appreciate it.
> BR Frederic ;)
Rich, I tried with -U "u:fhornain" or -U "dn:uid=fhornain,ou=People,dc=example,dc=com"
I still have the same problem.
Thanks for your help BR Frederic ;)
On Tue, Oct 26, 2010 at 6:40 PM, Rich Megginson rmeggins@redhat.com wrote:
> use either -U "u:fhornain" or -U "dn:uid=fhornain,ou=People,dc=example,dc=com"
-U fhornain ?
On 10/26/2010 02:28 PM, Frederic Hornain wrote:
> Rich, I tried with -U "u:fhornain" or -U "dn:uid=fhornain,ou=People,dc=example,dc=com"
> I still have the same problem.
Dear *,
I think I found the solution.
Indeed, you were all right!

The correct command with the OpenLDAP ldapsearch command is:

ldapsearch -v -h 192.168.122.142 -p 389 -s base -U "dn:uid=fhornain,ou=People,dc=example,dc=com" -b "dc=example,dc=com" -Y DIGEST-MD5

But you need to have the password of the user - here fhornain in clear mode text on the LDAP server - and be sure that your LDAP Server accepts the DIGEST-MD5 mechanism.

In order to check that, type the following command:

ldapsearch -x -LLL -h 192.168.122.142 -p 389 -b "" -s base -D "cn=Directory Manager" -w ThePassword objectclass=* supportedSASLMechanisms

If you have something like:

dn :
supportedSASLMechanisms: DIGEST-MD5

Then it is OK.
Finally, my problem was due to the fact that I did "uid=fhornain,ou=People,dc=example,dc=com" instead of "dn:uid=fhornain,ou=People,dc=example,dc=com".
Sorry for that and many thanks for your great help.
BR Frederic ;)
On Wed, Oct 27, 2010 at 12:01 AM, Marc Sauton msauton@redhat.com wrote:
> -U fhornain ?