[389-users] openldap ldapsearch command

Frederic Hornain fhornain at gmail.com
Wed Oct 27 09:30:18 UTC 2010


Dear *,

I think I found the solution.

Indeed, you were all right !

The correct command with the OpenLDAP ldapsearch command is:

ldapsearch -v -h 192.168.122.142 -p 389 -s base \
  -U "dn:uid=fhornain,ou=People,dc=example,dc=com" \
  -b "dc=example,dc=com" -Y DIGEST-MD5

But you need to have the password of the user - here fhornain in clear
text on the LDAP server - and be sure that your LDAP server accepts the
DIGEST-MD5 mechanism.

In order to check that, type the following command:

ldapsearch -x -LLL -h 192.168.122.142 -p 389 -b "" -s base \
  -D "cn=Directory Manager" -w ThePassword "objectclass=*" supportedSASLMechanisms


If you have something like :

dn :
supportedSASLMechanisms: DIGEST-MD5

Then it is OK.


Finally, my problem was due to the fact that I did
"uid=fhornain,ou=People,dc=example,dc=com" instead of
"dn:uid=fhornain,ou=People,dc=example,dc=com".

Sorry for that and many thanks for your great help.

BR
Frederic ;)







On Wed, Oct 27, 2010 at 12:01 AM, Marc Sauton <msauton at redhat.com> wrote:

> -U fhornain
> ?
>
>
> On 10/26/2010 02:28 PM, Frederic Hornain wrote:
>
> Rich,
> I tried with
> -U "u:fhornain"
> or
> -U "dn:uid=fhornain,ou=People,dc=example,dc=com"
>
> I still have the same problem.
>
> Thanks for your help
> BR
> Frederic ;)
>
>
> On Tue, Oct 26, 2010 at 6:40 PM, Rich Megginson <rmeggins at redhat.com> wrote:
>
>> Frederic Hornain wrote:
>> > Dear Patrick,
>> >
>> > ldapsearch -v -h 192.168.122.142 -s sub -U
>> > "dn:uidfhornain,ou=People,dc=example,dc=com" -b "dc=example,dc=com" -Y
>> > DIGEST-MD5
>> use either
>> -U "u:fhornain"
>> or
>> -U "dn:uid=fhornain,ou=People,dc=example,dc=com"
>>
>> > ldap_initialize( ldap://192.168.122.142 )
>> > SASL/DIGEST-MD5 authentication started
>> > Please enter your password:
>> > ldap_sasl_interactive_bind_s: Invalid credentials (49)
>> >     additional info: SASL(-14): authorization failure: unable canonify
>> > user and get auxprops
>> >
>> >
>> > Thanks for your help, I appreciate it.
>> >
>> > BR
>> > Frederic ;)
>> >
>> > 2010/10/26 Morris, Patrick <patrick.morris at hp.com>
>> >
>> >     On 10/26/2010 9:14 AM, Frederic Hornain wrote:
>> >>     Rich,
>> >>
>> >>
>> >>     ldapsearch -v -h 192.168.122.142 -s sub -U
>> >>     uid:fhornain,ou=People,dc=example,dc=com -b "dc=example,dc=com"
>> >>     -Y DIGEST-MD5
>> >>     ldap_initialize( ldap://192.168.122.142 )
>> >>     SASL/DIGEST-MD5 authentication started
>> >>     Please enter your password:
>> >>     ldap_sasl_interactive_bind_s: Invalid credentials (49)
>> >>         additional info: SASL(-14): authorization failure: unable
>> >>     canonify user and get auxprops
>> >
>> >     "uid:fhornain,ou=People,dc=example,dc=com"
>> >
>> >     If you use the "uid:" syntax, it should be followed by a uid, not
>> >     a dn.  Or you can use the "dn:" syntax if you want to use a dn.
>> >
>> >     You may have other things going on here, but the way you've
>> >     specified the user definitely isn't going to work.
>> >
>> >     --
>> >     389 users mailing list
>> >     389-users at lists.fedoraproject.org
>> >     https://admin.fedoraproject.org/mailman/listinfo/389-users
>> >
>> >
>> >
>> >
>> > --
>> > -----------------------------------------------------
>> > Fedora-ambassadors-list mailing list
>> > Fedora-ambassadors-list at redhat.com
>> > Olpc mailing list
>> > olpc-open at laptop.org
>> > ------------------------------------------------------------------------
>>


-- 
-----------------------------------------------------
Fedora-ambassadors-list mailing list
Fedora-ambassadors-list at redhat.com
Olpc mailing list
olpc-open at laptop.org
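
The two checks discussed in this thread, as an added example that is not part of the original messages: a syntax check of the -U value against the "u:" and "dn:" forms, and a test for a SASL mechanism in root DSE output. The function names are hypothetical and the sample root DSE text is constructed.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample data is constructed.

# Classify a value meant for "ldapsearch -Y DIGEST-MD5 -U <value>" against the
# two forms given in the thread: "u:<uid>" and "dn:<distinguished name>".
# Simplification: commas escaped inside DN values are not handled.
check_authcid() {
    case "$1" in
        dn:*)
            [ -n "${1#dn:}" ] || { echo "bad-dn"; return 1; }
            _old_ifs=$IFS; IFS=,; set -f
            for _rdn in ${1#dn:}; do          # every RDN must be attr=value
                case "$_rdn" in
                    ?*=?*) ;;
                    *) IFS=$_old_ifs; set +f; echo "bad-dn"; return 1 ;;
                esac
            done
            IFS=$_old_ifs; set +f
            echo "dn"; return 0 ;;
        u:*)
            case "${1#u:}" in                 # a bare uid, not a DN
                ""|*=*|*,*) echo "bad-u"; return 1 ;;
            esac
            echo "u"; return 0 ;;
        *)  echo "unknown-form"; return 1 ;;
    esac
}

# Succeed if the LDIF on stdin lists mechanism $1 under supportedSASLMechanisms.
has_sasl_mech() {
    awk -v want="$1" '
        tolower($1) == "supportedsaslmechanisms:" && $2 == want { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Constructed root DSE output in the shape shown in the message above.
SAMPLE_ROOTDSE='dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5'

# The -U values tried in this thread, plus the "u:" form that was suggested.
for v in 'uid:fhornain,ou=People,dc=example,dc=com' \
         'dn:uidfhornain,ou=People,dc=example,dc=com' \
         'uid=fhornain,ou=People,dc=example,dc=com' \
         'u:fhornain' \
         'dn:uid=fhornain,ou=People,dc=example,dc=com'; do
    verdict=$(check_authcid "$v") || true
    printf '%-14s %s\n' "$verdict" "$v"
done
if printf '%s\n' "$SAMPLE_ROOTDSE" | has_sasl_mech DIGEST-MD5; then
    echo "server offers DIGEST-MD5"
fi
```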