John Burian <[EMAIL PROTECTED]> writes:

> Dieter Kluenter wrote:
>> From your remarks on CA and certificate I assume that you want to use
>> TLS, while your ldapwhoami seems to indicate that you want to make use
>> of PLAIN mechanism, which is disabled by default, unless you
>> provide a secure transport method, that is either TLS or local socket.
>> Unless you provide more information on the parameters used, no advice
>> can be given.
> Correct, I want to be using SASL/PLAIN over TLS. The following works:
>
> $ ldapwhoami -x -W -D 'uid=burianj,ou=people,dc=cqcb'
> Enter LDAP Password:
> dn:uid=burianj,ou=People,dc=cqcb
> Result: Success (0)

This is *not* a SASL bind

>
> The same command without '-x -W', or ldapwhoami with no args, does not work:
>
> $ ldapwhoami -D 'uid=burianj,ou=people,dc=cqcb'
> SASL/PLAIN authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> additional info: SASL(-13): user not found: Password
> verification failed

If you want a SASL bind with PLAIN mechanism and TLS, the ldapwhoami
should look something like

$ ldapwhoami -Y PLAIN -U burianj -ZZ -H ldap://localhost

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
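Added example, not part of the original thread: a small Python helper that reads an OpenLDAP client command line and reports whether it performs a simple or a SASL bind and whether it asks for a protected transport, run over the three ldapwhoami invocations quoted above. The name `classify_bind` and the note wording are assumptions of this example; it looks only at the flags on the command line, not at ldap.conf defaults.

```python
import shlex
from urllib.parse import urlparse

# The three invocations from the thread above.
COMMANDS = [
    "ldapwhoami -x -W -D 'uid=burianj,ou=people,dc=cqcb'",
    "ldapwhoami -D 'uid=burianj,ou=people,dc=cqcb'",
    "ldapwhoami -Y PLAIN -U burianj -ZZ -H ldap://localhost",
]

def classify_bind(cmdline):
    """Report bind type and transport protection requested by the flags."""
    args = shlex.split(cmdline)[1:]            # drop the program name
    takes_value = {"-Y": "mech", "-U": "authcid", "-D": "binddn", "-H": "uri"}
    opts, simple, tls = {}, False, 0
    i = 0
    while i < len(args):
        a = args[i]
        if a in takes_value and i + 1 < len(args):
            opts[takes_value[a]] = args[i + 1]
            i += 1
        elif a == "-x":                        # simple bind instead of SASL
            simple = True
        elif a in ("-Z", "-ZZ"):               # 1 = try StartTLS, 2 = require it
            tls = max(tls, len(a) - 1)
        i += 1
    scheme = urlparse(opts.get("uri", "")).scheme
    # Protected: StartTLS required, LDAP over TLS, or the local socket.
    protected = tls == 2 or scheme in ("ldaps", "ldapi")
    kind = "simple" if simple else "sasl"
    mech = opts.get("mech")
    notes = []
    if kind == "sasl" and "binddn" in opts:
        notes.append("server is expected to ignore -D for SASL; pass the id with -U")
    if kind == "sasl" and mech is None:
        notes.append("no -Y given; mechanism is chosen by negotiation or client config")
    if not protected and (kind == "simple" or (mech or "").upper() == "PLAIN"):
        notes.append("password bind with no protected transport requested")
    if tls == 1:
        notes.append("-Z continues if StartTLS fails; -ZZ requires it")
    return {"bind": kind, "mech": mech, "protected": protected, "notes": notes}

if __name__ == "__main__":
    for cmd in COMMANDS:
        print(cmd, "->", classify_bind(cmd))
```
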
