Dear *,
I think I found the solution.
Indeed, you were all right !
The correct command yith the Openldap ldapsearch command is :
ldapsearch -v -h 192.168.122.142 -p 389 -s base -U
"dn:uid=fhornain,ou=People,dc=example,dc=com" -b "dc=example,dc=com"
-Y
DIGEST-MD5
But you need to have the password of the user - here fhornain in clear mode
text on the LDAP server - and be sure that your LDAP Server accept
DIGEST-MD5 mechanism.
In order to check that, type the folloying command :
ldapsearch -x -LLL -h 192.168.122.142 -p 389 -b "" -s base -D
"cn=Directory
Manager" -w ThePassword objectclass=* supportedSASLMechanisms
If you have something like :
dn :
supportedSASLMechanisms: DIGEST-MD5
Then it is OK.
Finally, my problem was due to the fact that I did
"uid=fhornain,ou=People,dc=example,dc=com" instead of
"dn:uid=fhornain,ou=People,dc=example,dc=com".
Sorry for that and Many thanks for your great help.
BR
Frederic ;)
On Wed, Oct 27, 2010 at 12:01 AM, Marc Sauton <msauton(a)redhat.com> wrote:
-U fhornain
?
On 10/26/2010 02:28 PM, Frederic Hornain wrote:
Rich,
I tried with
-U "u:fhornain"
or
-U "dn:uid=fhornain,ou=People,dc=example,dc=com"
I still have the same problem.
Thanks for your help
BR
Frederic ;)
On Tue, Oct 26, 2010 at 6:40 PM, Rich Megginson <rmeggins(a)redhat.com>wrote:
> Frederic Hornain wrote:
> > Dear Patrick,
> >
> > ldapsearch -v -h 192.168.122.142 -s sub -U
> > "dn:uidfhornain,ou=People,dc=example,dc=com" -b
"dc=example,dc=com" -Y
> > DIGEST-MD5
> use either
> -U "u:fhornain"
> or
> -U "dn:uid=fhornain,ou=People,dc=example,dc=com"
>
> > ldap_initialize( ldap://192.168.122.142 <
http://192.168.122.142> )
> > SASL/DIGEST-MD5 authentication started
> > Please enter your password:
> > ldap_sasl_interactive_bind_s: Invalid credentials (49)
> > additional info: SASL(-14): authorization failure: unable canonify
> > user and get auxprops
> >
> >
> > Thanks for you help, I appreciate.
> >
> > BR
> > Frederic ;)
> >
> > 2010/10/26 Morris, Patrick <patrick.morris(a)hp.com
> > <mailto:patrick.morris@hp.com>>
> >
> > On 10/26/2010 9:14 AM, Frederic Hornain wrote:
> >> Rich,
> >>
> >>
> >> ldapsearch -v -h 192.168.122.142 -s sub -U
> >> uid:fhornain,ou=People,dc=example,dc=com -b
"dc=example,dc=com"
> >> -Y DIGEST-MD5
> >> ldap_initialize( ldap://192.168.122.142 <
http://192.168.122.142>
)
> >> SASL/DIGEST-MD5 authentication started
> >> Please enter your password:
> >> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> >> additional info: SASL(-14): authorization failure: unable
> >> canonify user and get auxprops
> >
> > "uid:fhornain,ou=People,dc=example,dc=com"
> >
> > If you use the "uid:" syntax, it should be followed by a uid, not
> > a dn. Or you can use the "dn:" syntax if you want to use a dn.
> >
> > You may have other things going on here, but the way you've
> > specified the user definitely isn't going to work.
> >
> > --
> > 389 users mailing list
> > 389-users(a)lists.fedoraproject.org
> > <mailto:389-users@lists.fedoraproject.org>
> >
https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
> >
> >
> >
> > --
> > -----------------------------------------------------
> > Fedora-ambassadors-list mailing list
> > Fedora-ambassadors-list(a)redhat.com
> > <mailto:Fedora-ambassadors-list@redhat.com>
> > Olpc mailing list
> > olpc-open(a)laptop.org <mailto:olpc-open@laptop.org>
> > ------------------------------------------------------------------------
> >
> > --
> > 389 users mailing list
> > 389-users(a)lists.fedoraproject.org
> >
https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>
--
-----------------------------------------------------
Fedora-ambassadors-list mailing list
Fedora-ambassadors-list(a)redhat.com
Olpc mailing list
olpc-open(a)laptop.org
--
389 users mailing
list389-users@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/389-users
--
-----------------------------------------------------
Fedora-ambassadors-list mailing list
Fedora-ambassadors-list(a)redhat.com
Olpc mailing list
olpc-open(a)laptop.org