[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
send_ldap_result: err=7 matched="" text="SASL(-4): no mechanism available: External SSF not good enough"
- To: openldap-bugs@OpenLDAP.org
- Subject: send_ldap_result: err=7 matched="" text="SASL(-4): no mechanism available: External SSF not good enough"
- From: robertdircio@netscape.net (Roberto Dircio Palacios-Macedo (picsou))
- Date: Fri, 07 Mar 2003 13:39:33 -0500
Hello all:
I'm in the process of building openldap as db backend for heimdal, the platform is HPUX 11....
heimdal is trying to use sasl/external as the mechanism to bind to slapd, but slapd doesn't seem to recognize it as a mech. However this same build is running fine in linux x86.
The build order is:
db-4.1.25.NC
openssl-0.9.6h
cyrus-sasl-2.1.12
heimdal-0.5.1
openldap-2.1.12
heimdal-0.5.1 with support to openldap
got it all built... checked ldd for deps, nothing really substantial...
sasl mechs as in sample-server ans sample-client are: ANONYMOUS PLAIN GSSAPI OTP DIGEST-MD5 CRAM-MD5
The problem is when i get to init a kerberos realm... using heimdal's kadmin -l... trying to do
> init my.domain
i get this:
kadmin: hdb_open: ldap_sasl_bind_s: Authentication method not supported
and text="SASL(-4): no mechanism available: External SSF not good enough" in my slapd log....
hdbopen is calling ldap_sasl_bind with the EXTERNAL mechanism.
googled it and found some people having this with perl-ldap... but no real solution.
The exact same config was compiled and worked ok in x86 redhat and slackware.
slapd log output:
-------------------------------------------------------------------
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_sasl_bind: dn () mech EXTERNAL
==> sasl_bind: dn="" mech=EXTERNAL datalen=0
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=7 matched="" text="SASL(-4): no mechanism available: External SSF not good enough"
send_ldap_response: msgid=1 tag=97 err=7
ber_flush: 76 bytes to sd 9
0000: 30 4a 02 01 01 61 45 0a 01 07 04 00 04 3e 53 41 0J...aE......>SA
0010: 53 4c 28 2d 34 29 3a 20 6e 6f 20 6d 65 63 68 61 SL(-4): no mecha
0020: 6e 69 73 6d 20 61 76 61 69 6c 61 62 6c 65 3a 20 nism available:
0030: 45 78 74 65 72 6e 61 6c 20 53 53 46 20 6e 6f 74 External SSF not
0040: 20 67 6f 6f 64 20 65 6e 6f 75 67 68 good enough
ldap_write: want=76, written=76
0000: 30 4a 02 01 01 61 45 0a 01 07 04 00 04 3e 53 41 0J...aE......>SA
0010: 53 4c 28 2d 34 29 3a 20 6e 6f 20 6d 65 63 68 61 SL(-4): no mecha
0020: 6e 69 73 6d 20 61 76 61 69 6c 61 62 6c 65 3a 20 nism available:
0030: 45 78 74 65 72 6e 61 6c 20 53 53 46 20 6e 6f 74 External SSF not
0040: 20 67 6f 6f 64 20 65 6e 6f 75 67 68 good enough
<== slap_sasl_bind: rc=7
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9)
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ldap_read: want=9, got=7
0000: 30 05 02 01 02 42 00 0....B.
ber_get_next: tag 0x30 len 5 contents:
ber_dump: buf=0x401e48b8 ptr=0x401e48b8 end=0x401e48bd len=5
0000: 02 01 02 42 00 ...B.
ber_get_next
ldap_read: want=9, got=0
ber_get_next on fd 9 failed errno=0 (Error 0)
connection_read(9): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=9 for close
connection_close: deferring conn=0 sd=9
do_unbind
connection_resched: attempting closing conn=0 sd=9
connection_close: conn=0 sd=9
daemon: removing 9
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: select: listen=7 active_threads=1 tvp=NULL
daemon: select: listen=8 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
-----------------------------------------------
--
-----------------------------------------------
robertodirciopalaciosmacedo
__________________________________________________________________
The NEW Netscape 7.0 browser is now available. Upgrade now! http://channels.netscape.com/ns/browsers/download.jsp
Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/