Authentication to AD failed using SASL DIGEST-MD5

I am trying to use ldapsearch to access AD. When I use a simple bind such as

ldapsearch -x -D "cn=My Name,cn=Users,dc=mydomain,dc=com" -w mypassword

everything works OK and I get the results that I expect. However, when I try to use SASL DIGEST-MD5 authentication, such as

ldapsearch -Y DIGEST-MD5 -D "cn=My Name,cn=Users,dc=mydomain,dc=com"

then I always get an authentication error

ldap_sasl_interactive_bind_s: Invalid credentials (49)
additional info: 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece

Any ideas what is going wrong?

Thanks in advance.

patty

[672 byte] By [Ldap4ua] at [2007-10-2 16:46:10]
# 1

Check which version of AD you are using: AD 2000 or AD 2003. For AD 2000, binding with "cn=My Name,cn=Users,dc=mydomain,dc=com" should work, but if you are using AD 2003, the bind DN "cn=My Name,cn=Users,dc=mydomain,dc=com" would fail. Please try "My Name" instead.

For details, you can check the link below:

http://www.forumeasy.com/forums/thread.jsp?tid=115170863235&fid=ldapprof5&highlight=Why+DIGEST-MD5+Authentication+Does+Work

which summarizes all the working and non-working cases of DIGEST-MD5 authentication for SunOne, AD 2000 and AD 2003. It's quite informative.

ljzgbtca at 2007-7-13 17:56:36
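An added example, not part of the original thread: DIGEST-MD5 (RFC 2831) hashes the username string itself into the client response, so the DN form and the short form suggested in the reply yield different responses for the same password, and the server has to recompute the digest from the same username string the client used. The code is checked against the example exchange in RFC 2831; the realm, nonces and digest-uri in the comparison are constructed values.

```python
import hashlib


def digest_md5_response(username, realm, password, nonce, cnonce,
                        digest_uri, nc="00000001", qop="auth"):
    """Client response per RFC 2831 section 2.1.2.1 (qop=auth, no authzid).

    Inputs are assumed to be ASCII, so no charset conversion is done here.
    """
    # H(username:realm:password) enters A1 as the raw 16-byte digest, not hex.
    secret = hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()
    a1 = secret + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(kd.encode()).hexdigest()


# Example exchange from RFC 2831 section 4, used as a known-answer check.
RFC2831_EXPECTED = "d388dad90d4bbd760a152321f2143af7"


def rfc2831_vector():
    return digest_md5_response(
        "chris", "elwood.innosoft.com", "secret",
        "OA6MG9tEQGm2hh", "OA6MHXh6VqTrRk", "imap/elwood.innosoft.com")


def compare_username_forms():
    """Same password and challenge, two username forms from the thread."""
    # Constructed values: realm, nonces and digest-uri are not from the thread.
    common = dict(realm="mydomain.com", password="mypassword",
                  nonce="constructed-server-nonce",
                  cnonce="constructed-client-nonce",
                  digest_uri="ldap/dc1.mydomain.com")
    forms = {"dn": "cn=My Name,cn=Users,dc=mydomain,dc=com",
             "short": "My Name"}
    return {name: digest_md5_response(username=user, **common)
            for name, user in forms.items()}


if __name__ == "__main__":
    print("RFC 2831 vector ok:", rfc2831_vector() == RFC2831_EXPECTED)
    for name, response in compare_username_forms().items():
        print(f"{name:5s} response={response}")
```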