Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

ldapsearch -- troubles connecting to LDAP server (SASL config?)

3,695 views
Skip to first unread message

wi...@serensoft.com

unread,
Jul 16, 2009, 11:20:08 AM7/16/09
to
Hello Debianistas!

We're a bit new to the LDAP world and are having trouble configuring a
connection to the LDAP server.

Using "ldapsearch" as a diagnostic tool, here's what we are getting:

# ldapsearch -h 10.3.1.37
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)

So we need a username/password pair to connect then, right? We've
figured out how to specify the password, but not a username:

# ldapsearch -x -h 10.3.1.37 -W -X u:ldapuser
ldapsearch: -X incompatible with authentication choice

# ldapsearch -x -h 10.3.1.37 -W -U ldapuser
ldapsearch: incompatible previous authentication choice

As you can see, the manpage seems to be assuming some background
information we don't know yet. :) And googling turned up some
questions with overlap to ours here, but the answers don't appear to
be posted in their entirety.

:(

Any pointers welcome -- thanks!


# ldapsearch -x -h 10.3.1.37 -W
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
text: 0000208D: NameErr: DSID-031001A8, problem 2001 (NO_OBJECT), data 0, bes
t match of:
''

# numResponses: 1

--
will trillich
"Tis the set of the sails / And not the gales / That tells the way we
go." -- Ella Wheeler Wilcox


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

David A. Parker

unread,
Jul 16, 2009, 12:20:13 PM7/16/09
to

You need to specify the username as part of the bind DN using the -D option:

ldapsearch -h ldap.example.com -b "<base DN here>" -D
"cn=<username>,<rest of bind DN here>" -W <filter>

- Dave

--

Dave Parker
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177

Alex Samad

unread,
Jul 16, 2009, 4:50:17 PM7/16/09
to
On Thu, Jul 16, 2009 at 09:59:26AM -0500, wi...@serensoft.com wrote:
> Hello Debianistas!
>
> We're a bit new to the LDAP world and are having trouble configuring a
> connection to the LDAP server.
>
> Using "ldapsearch" as a diagnostic tool, here's what we are getting:
>
> # ldapsearch -h 10.3.1.37

you haven't said what type of authentication you have setup or what
acl's you have on the tree

as somebody else pointed out try the -D the bind user options. I would
try

ldapsearch -x
this uses simple auth and binds as anonymous, you might need to supply
the base as well. then

ldapsearch -x -D "DN for bind user " -w -b"<base>"

and go from there


--
"I mean, if you've ever been a governor of a state, you understand the vast potential of broadband technology, you understand how hard it is to make sure that physics, for example, is taught in every classroom in the state. It's difficult to do. It's, like, cost-prohibitive."

- George W. Bush
06/24/2004
Washington, DC

signature.asc
0 new messages