This example demonstrates an error that occurs when the directory server fails to translate the user name specified in the -u option to a fully qualified distinguished name (FQDN). In the directory is an object located by the FQDN, cn=identity mapping, cn=config. The children of this object contain configuration information that assists the directory server in transforming the user name into an FQDN. In order to view the identity mappings, you must search the directory as the directory administrator.
The identity mappings found in the directory take one of two forms. The most efficient form is the one that uses pattern matching and substitutions. The other form runs a directory search based on the form of the user name.
$ ldapsearch -U diperm01@testing -H ldap://esroot -b "" -s base -W -Z Enter LDAP password: Invalid credentials additional info: SASL(-1): generic failure: unable canonify user and get auxprops $
The Teradata LDAP authentication does not support DIGEST-MD5. DIGEST-MD5 must not be used. Use SIMPLE binding instead.