Re: SASL Auth with -d ok, otherwise internal error 80
li...@supported.de writes:

> Hello list, this is my first time trying to set up SASL, I'm probably doing something wrong. Anyhow: [...] - when starting slapd without -d I get:
>
> $ ldapsearch -v -h localhost -LLL -U ldapadmin -D cn=ldapadmin,ou=Users,dc=hh,dc=supported,dc=de -b ou=Users,dc=hh,dc=supported,dc=de -s sub cn=ldapadmin
> ldap_initialize( ldap://localhost:10389 )
> SASL/DIGEST-MD5 authentication started
> Please enter your password:
> ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
> additional info: SASL(-1): generic failure:

try ldapsearch -Y DIGEST-MD5 -U ldapadmin -w password -b ...

-Dieter

--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:8EF7B6C6
53°37'09,95N 10°08'02,42E
Re: DNS discovery for OpenLDAP?
Jaap Winius jwin...@umrk.nl writes:

> In the course of my research into a solution involving Kerberos, OpenLDAP and OpenAFS (a.k.a. the Magic Trio), I've discovered that both Kerberos and OpenAFS support methods of DNS discovery, but that OpenLDAP apparently does not. Is this correct?

OpenLDAP's command-line tools support service discovery using DNS SRV records. See, for instance, the ldapsearch man page:

    -H ldapuri
        Specify URI(s) referring to the ldap server(s); a list of URI, separated by whitespace or commas is expected; only the protocol/host/port fields are allowed. As an exception, if no host/port is specified, but a DN is, the DN is used to look up the corresponding host(s) using the DNS SRV records, according to RFC 2782.

I'm not sure if this is also available directly in the library or if the client has to implement it.

--
Russ Allbery (r...@stanford.edu) http://www.eyrie.org/~eagle/
Re: DNS discovery for OpenLDAP?
Russ Allbery wrote:

> Jaap Winius jwin...@umrk.nl writes:
>
> > In the course of my research into a solution involving Kerberos, OpenLDAP and OpenAFS (a.k.a. the Magic Trio), I've discovered that both Kerberos and OpenAFS support methods of DNS discovery, but that OpenLDAP apparently does not. Is this correct?
>
> OpenLDAP's command-line tools support service discovery using DNS SRV records. See, for instance, the ldapsearch man page:
>
>     -H ldapuri
>         Specify URI(s) referring to the ldap server(s); a list of URI, separated by whitespace or commas is expected; only the protocol/host/port fields are allowed. As an exception, if no host/port is specified, but a DN is, the DN is used to look up the corresponding host(s) using the DNS SRV records, according to RFC 2782.
>
> I'm not sure if this is also available directly in the library or if the client has to implement it.

This feature is implemented in the OpenLDAP client code, not in libldap.

--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
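
The DN-based SRV lookup described in the man page excerpt quoted in this thread, sketched as an added example that is not part of the thread and is not OpenLDAP's code. The function names and the SRV records are constructed for illustration; it assumes the trailing dc= components of the DN form the DNS domain, that the query name is `_ldap._tcp.<domain>`, and that hosts are ordered by the RFC 2782 priority and weight rules.

```python
import random

def dn_to_domain(dn):
    """Join the trailing run of dc= components into a DNS domain.
    Simplified: splits on ',' and does not handle escaped commas."""
    labels = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() == "dc" and value.strip():
            labels.append(value.strip())
        else:
            labels = []  # non-dc RDN: only the dc= run after it counts
    if not labels:
        raise ValueError("DN has no trailing dc= components: %r" % dn)
    return ".".join(labels)

def srv_query_name(dn):
    """SRV owner name to query for LDAP over TCP (RFC 2782 naming)."""
    return "_ldap._tcp." + dn_to_domain(dn)

def order_srv(records, rng=None):
    """Order (priority, weight, port, target) tuples per RFC 2782:
    lowest priority first, weighted random choice inside a priority."""
    rng = rng or random.Random()
    ordered = []
    for prio in sorted({r[0] for r in records}):
        # weight-0 records go first so they are rarely but possibly picked
        pool = sorted((r for r in records if r[0] == prio), key=lambda r: r[1])
        while pool:
            pick = rng.randint(0, sum(r[1] for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec[1]
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered

def ldap_uris(records, rng=None):
    """Turn ordered SRV answers into ldap:// URIs to try in sequence."""
    return ["ldap://%s:%d" % (target.rstrip("."), port)
            for _, _, port, target in order_srv(records, rng)]

# Constructed SRV answers for _ldap._tcp.example.com (not real hosts).
SAMPLE_SRV = [
    (10, 0, 389, "ldap-b.example.com."),
    (0, 60, 389, "ldap-a1.example.com."),
    (0, 40, 389, "ldap-a2.example.com."),
]

if __name__ == "__main__":
    print(srv_query_name("dc=example,dc=com"))
    print(ldap_uris(SAMPLE_SRV))
```

The host list produced this way is only as trustworthy as the DNS answer behind it, so a client using it should still connect with TLS and verify the server certificate.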