Ldapsearch and AD

Stevec

May 25, 2001
Archived from groups: microsoft.public.win2000.active_directory

I am trying to use ldapsearch to access AD. When I use a simple bind such as
ldapsearch -x -D "cn=My Name,cn=Users,dc=mydomain,dc=com" -w mypassword
everything works OK and I get the results that I expect. However, when I
try to use SASL DIGEST-MD5 authentication, such as
ldapsearch -Y DIGEST-MD5 -D "cn=My Name,cn=Users,dc=mydomain,dc=com"
then I always get an authentication error

ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: 8009030C: LdapErr: DSID-0C09043E, comment:
AcceptSecurityContext error, data 0, vece

Any ideas what is going wrong?

Steve
 
Guest

I could be wrong but believe sasl uses ssl.

Try loading up the rsk ldp tool and first bind on port 389 (unsecure); if
that works, then bind on port 636 (ssl). If this fails then check to see if
you have the root ca certificate in your store.

--

Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.


"SteveC" <SteveC@discussions.microsoft.com> wrote in message
news:A9F857C2-C76D-4FE1-A4AA-BC0AAF42154B@microsoft.com...
> I am trying to use ldapsearch to access AD. When I use a simple bind such as
> ldapsearch -x -D "cn=My Name,cn=Users,dc=mydomain,dc=com" -w mypassword
> everything works OK and I get the results that I expect. However, when I
> try to use SASL DIGEST-MD5 authentication, such as
> ldapsearch -Y DIGEST-MD5 -D "cn=My Name,cn=Users,dc=mydomain,dc=com"
> then I always get an authentication error
>
> ldap_sasl_interactive_bind_s: Invalid credentials (49)
> additional info: 8009030C: LdapErr: DSID-0C09043E, comment:
> AcceptSecurityContext error, data 0, vece
>
> Any ideas what is going wrong?
>
> Steve
>
 

Stevec


Thanks for the reply -- but SASL doesn't need SSL. I think that I have worked
it out now -- I was using a test AD domain in which I have never changed my
password -- so the DIGEST-MD5 password hashes had not been calculated, hence
the failure to authenticate all the time. Once I changed my password,
everything was OK.

"Paul Bergson" wrote:

> I could be wrong but believe sasl uses ssl.
>
> Try loading up the rsk ldp tool and first bind on port 389 (unsecure); if
> that works, then bind on port 636 (ssl). If this fails then check to see if
> you have the root ca certificate in your store.
>
> --
>
> Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> "SteveC" <SteveC@discussions.microsoft.com> wrote in message
> news:A9F857C2-C76D-4FE1-A4AA-BC0AAF42154B@microsoft.com...
> > I am trying to use ldapsearch to access AD. When I use a simple bind such as
> > ldapsearch -x -D "cn=My Name,cn=Users,dc=mydomain,dc=com" -w mypassword
> > everything works OK and I get the results that I expect. However, when I
> > try to use SASL DIGEST-MD5 authentication, such as
> > ldapsearch -Y DIGEST-MD5 -D "cn=My Name,cn=Users,dc=mydomain,dc=com"
> > then I always get an authentication error
> >
> > ldap_sasl_interactive_bind_s: Invalid credentials (49)
> > additional info: 8009030C: LdapErr: DSID-0C09043E, comment:
> > AcceptSecurityContext error, data 0, vece
> >
> > Any ideas what is going wrong?
> >
> > Steve
> >
>
>
>
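
Added example, not part of the original thread: a sketch of the RFC 2831 DIGEST-MD5 check for qop=auth, showing why a server can only verify the bind if it already holds the digest secret H(username:realm:password), which is the situation the last post describes. The `db` dictionary is a hypothetical stand-in for the directory's stored digest credentials, and the sample exchange values are taken from the example in RFC 2831, not from this thread.

```python
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def stored_secret(username: str, realm: str, password: str) -> bytes:
    """H(username:realm:password). Needs the cleartext password, so it can
    only be computed at the moment the password is set or changed."""
    return md5(f"{username}:{realm}:{password}".encode("utf-8"))

def response(secret: bytes, nonce: str, cnonce: str, nc: str,
             digest_uri: str, qop: str = "auth") -> str:
    """RFC 2831 response value for qop=auth, derived from the secret alone."""
    a1 = secret + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    ha1, ha2 = md5(a1).hex(), md5(a2).hex()
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()).hex()

def server_verify(db: dict, username: str, client_response: str, **params) -> bool:
    """Server side. With no digest secret on file the response cannot be
    recomputed, so the bind fails even though the password is correct."""
    secret = db.get(username)
    if secret is None:
        return False
    return hmac.compare_digest(response(secret, **params), client_response)

# Sample exchange values from the RFC 2831 example (not from this thread).
PARAMS = dict(nonce="OA6MG9tEQGm2hh", cnonce="OA6MHXh6VqTrRk",
              nc="00000001", digest_uri="imap/elwood.innosoft.com")
USER, REALM, PASSWORD = "chris", "elwood.innosoft.com", "secret"

def demo():
    # Client knows the password and computes the response from it.
    client = response(stored_secret(USER, REALM, PASSWORD), **PARAMS)
    # Hypothetical account whose password was never changed: nothing stored.
    before = server_verify({}, USER, client, **PARAMS)
    # After a password change the digest secret is written to the store.
    db = {USER: stored_secret(USER, REALM, PASSWORD)}
    after = server_verify(db, USER, client, **PARAMS)
    return client, before, after

if __name__ == "__main__":
    print(demo())
```

A simple bind does not depend on this stored value, because the server receives the password itself and can check it against whatever hash it already has.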