[389-users] openldap ldapsearch command
Frederic Hornain
fhornain at gmail.com
Wed Oct 27 09:30:18 UTC 2010
Dear *,
I think I found the solution.
Indeed, you were all right!
The correct command with the Openldap ldapsearch command is:
ldapsearch -v -h 192.168.122.142 -p 389 -s base -U "dn:uid=fhornain,ou=People,dc=example,dc=com" -b "dc=example,dc=com" -Y DIGEST-MD5
But you need to have the password of the user - here fhornain - in clear
text on the LDAP server, and be sure that your LDAP server accepts the
DIGEST-MD5 mechanism.
In order to check that, type the following command:
ldapsearch -x -LLL -h 192.168.122.142 -p 389 -b "" -s base -D "cn=Directory Manager" -w ThePassword objectclass=* supportedSASLMechanisms
If you have something like:
dn :
supportedSASLMechanisms: DIGEST-MD5
Then it is OK.
Finally, my problem was due to the fact that I did
"uid=fhornain,ou=People,dc=example,dc=com" instead of
"dn:uid=fhornain,ou=People,dc=example,dc=com".
Sorry for that and many thanks for your great help.
BR
Frederic ;)
On Wed, Oct 27, 2010 at 12:01 AM, Marc Sauton <msauton at redhat.com> wrote:
> -U fhornain
> ?
>
>
> On 10/26/2010 02:28 PM, Frederic Hornain wrote:
>
> Rich,
> I tried with
> -U "u:fhornain"
> or
> -U "dn:uid=fhornain,ou=People,dc=example,dc=com"
>
> I still have the same problem.
>
> Thanks for your help
> BR
> Frederic ;)
>
>
> On Tue, Oct 26, 2010 at 6:40 PM, Rich Megginson <rmeggins at redhat.com> wrote:
>
>> Frederic Hornain wrote:
>> > Dear Patrick,
>> >
>> > ldapsearch -v -h 192.168.122.142 -s sub -U
>> > "dn:uidfhornain,ou=People,dc=example,dc=com" -b "dc=example,dc=com" -Y
>> > DIGEST-MD5
>> use either
>> -U "u:fhornain"
>> or
>> -U "dn:uid=fhornain,ou=People,dc=example,dc=com"
>>
>> > ldap_initialize( ldap://192.168.122.142 )
>> > SASL/DIGEST-MD5 authentication started
>> > Please enter your password:
>> > ldap_sasl_interactive_bind_s: Invalid credentials (49)
>> > additional info: SASL(-14): authorization failure: unable canonify
>> > user and get auxprops
>> >
>> >
>> > Thanks for your help, I appreciate it.
>> >
>> > BR
>> > Frederic ;)
>> >
>> > 2010/10/26 Morris, Patrick <patrick.morris at hp.com>
>> >
>> > On 10/26/2010 9:14 AM, Frederic Hornain wrote:
>> >> Rich,
>> >>
>> >>
>> >> ldapsearch -v -h 192.168.122.142 -s sub -U
>> >> uid:fhornain,ou=People,dc=example,dc=com -b "dc=example,dc=com"
>> >> -Y DIGEST-MD5
>> >> ldap_initialize( ldap://192.168.122.142 )
>> >> SASL/DIGEST-MD5 authentication started
>> >> Please enter your password:
>> >> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>> >> additional info: SASL(-14): authorization failure: unable
>> >> canonify user and get auxprops
>> >
>> > "uid:fhornain,ou=People,dc=example,dc=com"
>> >
>> > If you use the "uid:" syntax, it should be followed by a uid, not
>> > a dn. Or you can use the "dn:" syntax if you want to use a dn.
>> >
>> > You may have other things going on here, but the way you've
>> > specified the user definitely isn't going to work.
>> >
>> > --
>> > 389 users mailing list
>> > 389-users at lists.fedoraproject.org
>> > https://admin.fedoraproject.org/mailman/listinfo/389-users
>> >
>> >
>> >
>> >
>> > --
>> > -----------------------------------------------------
>> > Fedora-ambassadors-list mailing list
>> > Fedora-ambassadors-list at redhat.com
>> > Olpc mailing list
>> > olpc-open at laptop.org
>> > ------------------------------------------------------------------------
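
Added example, not part of the original thread: a pre-flight check in POSIX shell for the two things the thread turned on, the form of the -U identity (plain user name, "u:<name>" or "dn:<DN>") and whether the root DSE output lists the wanted mechanism. The function names, verdict strings and SAMPLE_ROOTDSE are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Names and sample data are constructed.

# Classify a -U identity; prints a verdict, exit status 0 only when usable.
# Simplification: DNs containing escaped commas (\,) are not handled.
check_sasl_id() (
    id=$1
    set -f; IFS=,                      # subshell body keeps these local
    case $id in
        dn:?*)                         # every RDN must be attr=value
            for rdn in ${id#dn:}; do
                case $rdn in
                    ?*=?*) ;;
                    *) echo bad-dn; exit 1 ;;
                esac
            done
            echo ok-dn ;;
        u:?*)                          # "u:" takes a user name, not a DN
            case ${id#u:} in
                *=*|*,*) echo bad-user; exit 1 ;;
                *) echo ok-user ;;
            esac ;;
        *:*) echo bad-prefix; exit 1 ;;      # e.g. "uid:..." or an empty "dn:"
        *=*) echo missing-prefix; exit 1 ;;  # bare DN, needs the "dn:" prefix
        '')  echo empty; exit 1 ;;
        *)   echo ok-user ;;                 # plain user name
    esac
)

# Succeed if mechanism $1 is listed in root DSE LDIF (ldapsearch -LLL) on stdin.
mech_offered() {
    awk -v want="$1" '
        tolower($1) == "supportedsaslmechanisms:" && toupper($2) == toupper(want) { ok = 1 }
        END { exit !ok }'
}

# Constructed sample of the root DSE query output discussed in the thread.
SAMPLE_ROOTDSE='dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5'

# Demo: the identity that failed in the thread, then the one that worked.
for id in 'uid=fhornain,ou=People,dc=example,dc=com' \
          'dn:uid=fhornain,ou=People,dc=example,dc=com'; do
    printf '%s -> %s\n' "$id" "$(check_sasl_id "$id")"
done
printf '%s\n' "$SAMPLE_ROOTDSE" | mech_offered DIGEST-MD5 && echo 'DIGEST-MD5 offered'
```

Against a live server, pipe the output of the root DSE query from the thread into mech_offered instead of the sample.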