test:~/lsc/etc# ldapsearch -U oshim -W -b dc=myproject,dc=net Enter LDAP Password: SASL/DIGEST-MD5 authentication started ldap_sasl_interactive_bind_s: Invalid credentials (49)
On Jul 19, 2010, at 9:57 PM, Dan White wrote: > On 19/07/10 21:18 +0600, OSHIM wrote: >> i have configured saslauthd with openldap to authenticate MS AD >> when I run testsaslauthd -u swioshim -p Test2010 then i got 0: OK >> "Success." >> (swioshim is my MS AD user and Test2010 password coming from MS AD) >> >> but when i run >> ldapsearch -x -D "cn=swioshim,dc=myproject,dc=com" -W -b dc=myproject,dc=com >> >> then getting error : ldap_bind: Invalid credentials (49) >> >> please help > > saslauthd will not be called for simple (non-sasl) binds. You will need to > tell ldapsearch to bind with SASL, such as: > > ldapsearch -U swioshim -W -b dc=myproject,dc=com > > You'll need to configure /usr/lib/sasl2/slapd.conf with: > > pwcheck_method: saslauthd > mech_list: plain login > > And if you want to map the derived authentication identity to a DN in your > slapd tree, then you'll need to configure appropriate authz-regexp > statements. See chapter 15 (Using SASL) of the OpenLDAP administrator's > guide. > > -- > Dan White
