Re: OpenLDAP authenticate the username/password with MS-AD?

Mon, 19 Jul 2010 10:54:58 -0700 

I have added a new user with the pass {sasl}[email protected] then i checked 
it Apache Directory Studio it shows SASL hashed password. When I checked show 
details then it shows me {sasl}[email protected].

but if i run ldapsearch -x -D "cn=oshim,dc=myproject,dc=net" -W -b 
dc=myproject,dc=net
Enter LDAP Password: 
ldap_bind: Invalid credentials (49) 

it shows same error.


On Jul 19, 2010, at 10:37 PM, Jonathan Clarke wrote:

> Le 19/07/2010 18:07, OSHIM a écrit :
>> I have added into /etc/ldap/slapd.conf
>> sasl-host localhost
>> sasl-secprops none
>> 
>> and also have created usr/lib/sasl2/slapd.conf and have added following
>> two lines
>> pwcheck_method: saslauthd
>> saslauthd_path: / var / run / saslauthd / mux
> 
> With this configuration, saslauthd should be called for simple (non-sasl) 
> binds.
> 
> Have you set the userPassword attribute in your OpenLDAP entry to 
> "{sasl}swios...@something" ? And compiled OpenLDAP using the --enable-spasswd 
> switch ?
> 
> Jonathan
> 
> 
>> 
>> On Jul 19, 2010, at 9:57 PM, Dan White wrote:
>> 
>>> On 19/07/10 21:18 +0600, OSHIM wrote:
>>>> i have configured saslauthd with openldap to authenticate MS AD
>>>> when I run testsaslauthd -u swioshim -p Test2010 then i got 0: OK
>>>> "Success."
>>>> (swioshim is my MS AD user and Test2010 password coming from MS AD)
>>>> 
>>>> but when i run
>>>> ldapsearch -x -D "cn=swioshim,dc=myproject,dc=com" -W -b
>>>> dc=myproject,dc=com
>>>> 
>>>> then getting error : ldap_bind: Invalid credentials (49)
>>>> 
>>>> please help
>>> 
>>> saslauthd will not be called for simple (non-sasl) binds. You will need to
>>> tell ldapsearch to bind with SASL, such as:
>>> 
>>> ldapsearch -U swioshim -W -b dc=myproject,dc=com
>>> 
>>> You'll need to configure /usr/lib/sasl2/slapd.conf with:
>>> 
>>> pwcheck_method: saslauthd
>>> mech_list: plain login
>>> 
>>> And if you want to map the derived authentication identity to a DN in your
>>> slapd tree, then you'll need to configure appropriate authz-regexp
>>> statements. See chapter 15 (Using SASL) of the OpenLDAP administrator's
>>> guide.
>>> 
>>> --
>>> Dan White
>> 
> 
> 
> -- 
> --------------------------------------------------------------
> Jonathan Clarke - [email protected]
> --------------------------------------------------------------
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
> --------------------------------------------------------------

Reply via email to