Help with: openldap / active directory / sasl
Flaherty, Patrick
pflaherty at wsi.com
Thu Aug 12 18:14:09 EDT 2010
Hey All,
I'm trying to bind to an LDAP interface using SASL. The LDAP interface is
running on an Active Directory server.
Using a basic un/pw bind works:
ldapsearch -h somead.local -b "" -s base -x -D "myuser@myrhelm" -W
Outputs what I would expect, but....
ldapsearch -h somead.local -b "" -s base -Y DIGEST-MD5 -D "myuser@myrhelm" -W
Outputs:
Enter LDAP Password:
SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece
I'm a bit stumped.
I was under the impression that SASL/DIGEST-MD5 was its own
authentication method, that I didn't have to have a kerb ticket to make
the call. It's common for Linux LDAP to AD connections to have Kerberos
set up; I don't think it's necessary. Googling around for an answer has
been a study in futility.
Anyone know the magic for doing SASL auth against an AD server? I know
the server is set up for "reversible" passwords, so I don't think
that's the issue.
Why does LDAP+AD hate me? I'm a fun guy! I just wanna chat with it about
some stuff...
Patrick