Dan White wrote:
On 06/10/11 09:24 +0000, [email protected] wrote:

Hi,
I am trying to authenticate an Oracle db user against OpenLDAP.
Porting of schema information is ok, ssl-handshake ok, sasl-bind seems ok, SASL
works:

ldapwhoami -U testuser -R us.oracle.com -H ldap:/// -Y DIGEST-MD5
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: testuser
SASL SSF: 128
SASL data security layer installed.
dn:cn=testuser,cn=users,dc=its

Run the above ldapwhoami command with "-d7" and see what digest-uri was used
in the working request.

Trying to authenticate the oracle-client throws a 'bad digest-uri'-error
assuming
digest-uri="ldap:/us.oracle.com":

This is not valid URL syntax. If it's a configured item then fix your config.
If it's generated automatically by Oracle then file a bug report with Oracle.

conn=1014 op=1 RESULT tag=97 err=49 text=SASL(-13): authentication
failure: bad digest-uri: doesn't match service

On the Oracle client:

SQL> connect testuser
Enter password:
ERROR:
ORA-28043: invalid bind credentials for DB-OID connection
Warning: You are no longer connected to ORACLE.
SQL>

--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
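
The "doesn't match service" rejection in the thread above can be reproduced with a small check of the RFC 2831 digest-uri grammar (serv-type "/" host [ "/" serv-name ]). This is an added example, not part of the original thread and not Cyrus SASL or OpenLDAP code; the names check_digest_uri and demo and the accepted host set are assumptions made for the illustration.

```python
# Added illustration (not Cyrus SASL or OpenLDAP source): validate a
# DIGEST-MD5 digest-uri against RFC 2831's  serv-type "/" host ["/" serv-name].
import re

_HOST = re.compile(r"^[A-Za-z0-9.-]+$")  # simplified: DNS names and IPv4 only


def check_digest_uri(digest_uri, service, allowed_hosts):
    """Return (ok, reason) for a client-supplied digest-uri value."""
    parts = digest_uri.split("/")
    if len(parts) not in (2, 3):
        return False, "malformed: expected serv-type/host[/serv-name]"
    serv_type, host = parts[0], parts[1]
    # The serv-type must equal the service the server registered with SASL
    # ("ldap" for slapd). A URL-style "ldap:" keeps the colon and fails here.
    if serv_type.lower() != service.lower():
        return False, "doesn't match service"
    if not _HOST.match(host):
        return False, "malformed host"
    if host.lower() not in {h.lower() for h in allowed_hosts}:
        return False, "doesn't match host"
    if len(parts) == 3 and not parts[2]:
        return False, "empty serv-name"
    return True, "ok"


def demo():
    # Host set is an assumption for the demo; the thread does not state which
    # host name the server expects.
    hosts = {"us.oracle.com"}
    samples = [
        "ldap:/us.oracle.com",   # value from the failing request in the thread
        "ldap/us.oracle.com",    # constructed: same host, RFC 2831 form
        "ldap:///",              # constructed: an LDAP URL is not a digest-uri
        "imap/us.oracle.com",    # constructed: wrong service
    ]
    return {s: check_digest_uri(s, "ldap", hosts) for s in samples}


if __name__ == "__main__":
    for uri, (ok, reason) in demo().items():
        print("%-22s %-5s %s" % (uri, ok, reason))
```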