[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_sasl_interative_bind_s error

To: Theodore Knab <tjk@annapolislinux.org>, openldap-software@OpenLDAP.org
Subject: Re: ldap_sasl_interative_bind_s error
From: David Wright <ichbin@shadlen.org>
Date: Mon, 08 Apr 2002 13:39:45 -0700
References: <20020408201900.GA31689@annapolislinux.org>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.9) Gecko/20020402 Debian/2:0.9.9-4

Without a -x, the ldap* commands attempt to bind using SASL authentication, rather than straight, cleartext password authentication. If you want to use SASL authentication, you'll have to set it up.

IMHO, SASL is a worse than useless security system. It stores passwords in cleartext and thinks it is improving security by allowing authentication by passing, in cleartext, the MD5 hash of a password. Unfortunately, SASL managed to get itself into the v3 LDAP spec.

Either always use the -x or recompile OpenLDAP --without-sasl.

Follow-Ups:
- Re: ldap_sasl_interative_bind_s error
  - From: Theodore Knab <tjk@annapolislinux.org>

References:
- ldap_sasl_interative_bind_s error
  - From: Theodore Knab <tjk@annapolislinux.org>

Prev by Date: ldapsearch display certificate
Next by Date: Re: ldap_sasl_interative_bind_s error
Index(es):
- Chronological
- Thread