Help with: openldap / active directory / sasl
Bruce Dawson
jbd at codemeta.com
Thu Aug 12 21:06:36 EDT 2010
If I remember correctly Active Directory requires Kerberos.
Unfortunately, it's been almost a year since I worked on that project,
and I don't remember much. Maybe some of the Microsoft/Linux interface
"members" can help?!
--Bruce
On 08/12/2010 06:14 PM, Flaherty, Patrick wrote:
> Hey All,
>
> I'm trying to bind to an LDAP interface using SASL. The LDAP interface is
> running on an Active Directory server.
>
> Using a basic un/pw bind works:
> ldapsearch -h somead.local -b "" -s base -x -D "myuser@myrhelm" -W
>
> Outputs what I would expect, but....
>
> ldapsearch -h somead.local -b "" -s base -Y DIGEST-MD5 -D "myuser@myrhelm" -W
>
> Outputs:
> Enter LDAP Password:
> SASL/DIGEST-MD5 authentication started
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> additional info: 8009030C: LdapErr: DSID-0C09043E, comment:
> AcceptSecurityContext error, data 0, vece
>
> I'm a bit stumped.
>
> I was under the impression that SASL/DIGEST-MD5 was its own
> authentication method, that I didn't have to have a Kerberos ticket to make
> the call. It's common for Linux LDAP-to-AD connections to have Kerberos
> set up, but I don't think it's necessary. Googling around for an answer has
> been a study in futility.
>
> Anyone know the magic for doing SASL auth against an AD server? I know
> the server is set up for "reversible" passwords, so I don't think
> that's the issue.
>
> Why does LDAP+AD hate me? I'm a fun guy! I just wanna chat with it about
> some stuff...
>
> Patrick
>
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>
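
Added example, not part of the original thread: a small Python parser for the "additional info" diagnostic that Active Directory attaches to LDAP result 49, run on the wrapped, quoted text from the post above. The function name, the lookup tables and the second sample line (including its DSID) are constructed for illustration; the hex codes are standard Windows SSPI and Win32 logon error values.

```python
import re

# Win32 logon error codes that AD reports, in hex, in the "data" field.
DATA_CODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}
# SSPI status codes that lead the diagnostic string.
SSPI_CODES = {0x8009030C: "SEC_E_LOGON_DENIED", 0x80090308: "SEC_E_INVALID_TOKEN"}

DIAG_RE = re.compile(
    r"(?P<sspi>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),"
    r"\s*comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+)"
)

def parse_ad_bind_error(text):
    """Return the fields of an AD bind diagnostic, or None if absent."""
    # ldapsearch and mail clients wrap the line; undo wrapping and '>' quoting.
    flat = " ".join(line.lstrip("> ").strip() for line in text.splitlines())
    m = DIAG_RE.search(flat)
    if m is None:
        return None
    sspi, data = int(m.group("sspi"), 16), int(m.group("data"), 16)
    if data == 0:
        meaning = "no sub-code reported"
    else:
        meaning = DATA_CODES.get(data, "unlisted sub-code 0x%x" % data)
    return {
        "sspi_status": SSPI_CODES.get(sspi, "unknown (0x%08X)" % sspi),
        "dsid": m.group("dsid"),
        "comment": m.group("comment"),
        "data": data,
        "meaning": meaning,
    }

# Diagnostic exactly as quoted in the post, then one constructed line.
FROM_POST = """> additional info: 8009030C: LdapErr: DSID-0C09043E, comment:
> AcceptSecurityContext error, data 0, vece"""
CONSTRUCTED = ("additional info: 80090308: LdapErr: DSID-00000000, comment: "
               "AcceptSecurityContext error, data 775, v1db1")

if __name__ == "__main__":
    for sample in (FROM_POST, CONSTRUCTED):
        print(parse_ad_bind_error(sample))
```
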