Topic: ldapwhoami and SME

[mophilly]

I am trying to authenticate a user from an application running on a client of the SME 8 server. The user is a member of the Users group in SME. The client machine is a CentOS 5 installed for testing although I have confirmed the following behavior on a Mac OS X client as well.

This works when the admin password is entered:

Code: [Select]

ldapsearch -x -h ldap.mydomain.com -p 389 -b dc=ldap,dc=mydomain,dc=com  "(uid=mark)"  cn sn displayName
However using the admin password in the client app is not wise.

This fails when run on the client machine or run on the SME server console:

Code: [Select]

ldapwhoami -n -v -h ldap.mydomain.com -p 389 -D "ou=Users,uid=mark,dc=mydomain,dc=com" -w markspwd -x;
The output is...

Code: [Select]

ldap_initialize( ldap://ldap.mydomain.com:389 )
ldap_bind: Invalid credentials (49)
I have verified the password. I don't see what is missing.

Any help and suggestions greatly appreciated.

[Daniel B.]

Code: [Select]

ldapsearch -x -h ldap.mydomain.com -p 389 -b dc=ldap,dc=mydomain,dc=com  "(uid=mark)"  cn sn displayName

Here, you're using anonymous bind (no -D arg), so you just see what an anonymous user can see without any other security requirement.

Code: [Select]

ldapwhoami -n -v -h ldap.mydomain.com -p 389 -D "ou=Users,uid=mark,dc=mydomain,dc=com" -w markspwd -x;

And here, you're trying to bind to the LDAP server as a valid user. For this to work, you must use either SSL or TLS. You can use SSL on port 636 with -H ldaps://ldap.mydomain.com instead of -h ldap.mydomain.com -p 389. Or you can use TLS on port 389, for this, you just have to add -ZZ to your commandline.

In any case, for this to work, you need to be able to verify the certificate of your SME Server box.

Regards, Daniel

[mophilly]

Thank you, Daniel. I appreciate the response, and I am glad to have some direction to guide my efforts.