On Fri, 05 Mar 2010 09:21:06 +0100, "Dieter Kluenter" <[email protected]> wrote: > <[email protected]> writes: > >> Hello list, >> >> this is my first time trying to set up SASL, I'm probably doing >> something wrong. Anyhow: > [...] >> - when starting slapd without -d I get: >> >> $ ldapsearch -v -h localhost -LLL -U ldapadmin -D >> "cn=ldapadmin,ou=Users,dc=hh,dc=supported,dc=de" -b >> "ou=Users,dc=hh,dc=supported,dc=de" -s sub "cn=ldapadmin" >> ldap_initialize( ldap://localhost:10389 ) >> SASL/DIGEST-MD5 authentication started >> Please enter your password: >> ldap_sasl_interactive_bind_s: Internal (implementation specific) error >> (80) >> additional info: SASL(-1): generic failure: > > try ldapsearch -Y DIGEST-MD5 -U ldapadmin -w password -b ...
I did try without -D before, it doesn't help: $ ldapsearch -v -h localhost -LLL -Y DIGEST-MD5 -U ldapadmin -w ***** -b "ou=Users,dc=hh,dc=supported,dc=de" -s sub "cn=ldapadmin" '*' ldap_initialize( ldap://localhost:389 ) SASL/DIGEST-MD5 authentication started ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80) additional info: SASL(-1): generic failure: Again: the strange point being that when starting slapd from CLI with -d XXX everything works. I only get the error when letting slapd disassociate (ie without -d): # /etc/init.d/openldap stop Stopping OpenLDAP ...[ok] # /usr/local/openldap/libexec/slapd -f /usr/local/openldap/etc/openldap/slapd.conf -d 64 ... slapd starting $ ldapsearch -v -h localhost -LLL -Y DIGEST-MD5 -U ldapadmin -w **** -b "ou=Users,dc=hh,dc=supported,dc=de" -s sub "cn=ldapadmin" '*' ldap_initialize( ldap://localhost:389 ) SASL/DIGEST-MD5 authentication started SASL username: ldapadmin SASL SSF: 128 SASL installing layers filter: cn=ldapadmin requesting: * dn: cn=ldapadmin,ou=Users,dc=hh,dc=supported,dc=de cn: ldapadmin gidNumber: 5000 objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: posixAccount objectClass: person objectClass: top sn: Admin uid: ldapadmin uidNumber: 5000 homeDirectory: /tmp userPassword:: **** ...back to root shell, stop slapd and restart without -d... # ^c ... slapd stopped. # /usr/local/openldap/libexec/slapd -f /usr/local/openldap/etc/openldap/slapd.conf $ ldapsearch -v -h localhost -LLL -Y DIGEST-MD5 -U ldapadmin -w *** -b "ou=Users,dc=hh,dc=supported,dc=de" -s sub "cn=ldapadmin" '*' ldap_initialize( ldap://localhost:10389 ) SASL/DIGEST-MD5 authentication started ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80) additional info: SASL(-1): generic failure: Any idea? Thanks! Btw: I've duplicated this setup on a Debian box. On that one everything works... Cheers, Ralph
