Trying to get ldapsearch on ESX 3.0.x to work without simple binding. In otherwords no -x parameter. Simple binding is sending the password in clear text which is just not allowed. I have our ldapsearch queries working just fine with simple binding, but want to eliminate simple binding. We are using ldapsearch against Microsoft AD Windows 2003.
For example...
/usr/bin/ldapsearch -x -v -LLL -h prototype.dachshund.org -b DC=dachshund,DC=org -D Administrator@dachshund.org -W -u -tt -T /LDAP/Data/UsersGroup "(samAccountName=UsersGroup)" member
But...
/usr/bin/ldapsearch -v -LLL -h prototype.dachshund.org -b DC=dachshund,DC=org -D Administrator@dachshund.org -W -u -tt -T /LDAP/Data/UsersGroup "(samAccountName=UsersGroup)" member
Returns...
Enter LDAP Password:
ldap_sasl_interactive_bind_s: Local error
Since -x is not being used SASL is expected by Microsoft AD? No clue how to set the LDAP password in AD either. I believe the default method is MD5 hash encrypted passwords for SASL? Any help would be appreciated.