I am using OpenLDAP 2.4.7 on an Ubuntu 8.04 server.

I have in my tree a user whose "userPassword" attribute is 
"{CLEARTEXT}testpass".

This command works:
$ ldapwhoami -U testuser -w testpass
SASL/DIGEST-MD5 authentication started
SASL username: testuser
SASL SSF: 128
SASL data security layer installed.
dn:uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br

But I don't know why this one doesn't work...
$ ldapwhoami -x -D 'uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br' -w testpass
ldap_bind: Invalid credentials (49)

The command above works only after removing the "{CLEARTEXT}" string before the 
real password:

$ ldapmodify -U testuser -w testpass
SASL/DIGEST-MD5 authentication started
SASL username: testuser
SASL SSF: 128
SASL data security layer installed.
dn: uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br
changetype: modify
replace: userPassword
userPassword: testpass
modifying entry "uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br"

$ ldapwhoami -x -D 'uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br' -w testpass
dn:uid=testuser,ou=people,dc=cefetrs,dc=tche,dc=br

-------------------

My doubt is: if a user has his password set to "{CLEARTEXT}<real password>", 
he should be able to authenticate himself either with simple authentication or 
with SASL, shouldn't he?

-- 
Anderson Medeiros Gomes
[EMAIL PROTECTED]

Coordenadoria de Manutenção e Redes
Centro Federal de Educação Tecnológica de Pelotas
http://www.cefetrs.tche.br/
