Ldapsearch and AD

I am trying to use ldapsearch to access AD. When I use a simple bind such as
ldapsearch -x -D "cn=My Name,cn=Users,dc=mydomain,dc=com" -w mypassword
everything works OK and I get the results that I expect. However, when I
try to use SASL DIGEST-MD5 authentication, such as
ldapsearch -Y DIGEST-MD5 -D "cn=My Name,cn=Users,dc=mydomain,dc=com"
then I always get an authentication error

ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: 8009030C: LdapErr: DSID-0C09043E, comment:
AcceptSecurityContext error, data 0, vece

Any ideas what is going wrong?

Steve
 
I could be wrong but believe SASL uses SSL.

Try loading up the rsk ldp tool and first bind on port 389 (unsecure). If
that works, then bind on port 636 (SSL). If this fails, then check to see if
you have the root CA certificate in your store.
 
Thanks for the reply -- but SASL doesn't need SSL. I think that I have worked
it out now -- I was using a test AD domain in which I have never changed my
password -- so the DIGEST-MD5 password hashes had not been calculated, hence
the failure to authenticate all the time. Once I changed my password,
everything was OK.
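
Added example (not part of the original thread): a Python sketch of the RFC 2831 DIGEST-MD5 computation, showing that the server can verify a response only if it already holds H(username:realm:password), a value that can be produced only while the cleartext password is available, which is the situation the last post describes. The account dictionaries and the `digest_secret` field are hypothetical stand-ins for the directory's credential store; the sample values are the example exchange from RFC 2831, section 4.

```python
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def stored_secret(username: str, realm: str, password: str) -> bytes:
    # H(username:realm:password): the only password-derived input to DIGEST-MD5.
    # It can be computed only while the cleartext password is at hand,
    # i.e. when the password is set or changed.
    return md5(f"{username}:{realm}:{password}".encode("utf-8"))

def digest_response(secret: bytes, nonce: str, cnonce: str, nc: str,
                    qop: str, digest_uri: str) -> str:
    # RFC 2831 response-value for qop=auth without an authzid.
    ha1 = md5(secret + f":{nonce}:{cnonce}".encode("utf-8")).hex()
    ha2 = md5(f"AUTHENTICATE:{digest_uri}".encode("utf-8")).hex()
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode("utf-8")).hex()

def server_verify(account: dict, response: str, **challenge) -> tuple:
    # The server never sees the password; it recomputes from its stored secret.
    secret = account.get("digest_secret")  # hypothetical field name
    if secret is None:
        return (False, "no DIGEST-MD5 secret stored for this account")
    expected = digest_response(secret, **challenge)
    if hmac.compare_digest(expected, response):
        return (True, "success")
    return (False, "response mismatch")

# Sample values: the example exchange in RFC 2831, section 4.
USER, REALM, PASSWORD = "chris", "elwood.innosoft.com", "secret"
CHALLENGE = dict(nonce="OA6MG9tEQGm2hh", cnonce="OA6MHXh6VqTrRk",
                 nc="00000001", qop="auth", digest_uri="imap/elwood.innosoft.com")

# Client side: has the cleartext password, so it can always build a response.
CLIENT_RESPONSE = digest_response(stored_secret(USER, REALM, PASSWORD), **CHALLENGE)

# Constructed accounts: one whose password was set after digest secrets began
# to be stored, one that still has no secret (password never changed).
ACCOUNT_CHANGED = {"digest_secret": stored_secret(USER, REALM, PASSWORD)}
ACCOUNT_UNCHANGED = {"digest_secret": None}

if __name__ == "__main__":
    print(CLIENT_RESPONSE)
    print(server_verify(ACCOUNT_CHANGED, CLIENT_RESPONSE, **CHALLENGE))
    print(server_verify(ACCOUNT_UNCHANGED, CLIENT_RESPONSE, **CHALLENGE))
```

A simple bind sends the password itself, so it succeeds in both cases; only the digest mechanism depends on the pre-computed secret.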
 