[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL External Mechanism

To: Dieter Kluenter <dieter@dkluenter.de>
Subject: Re: SASL External Mechanism
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Mon, 29 Dec 2003 08:57:56 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <m3k74fh9qn.fsf@marin.l4b.de>
References: <F8593836-3862-11D8-9CB1-000A95C71776@freezone.co.uk> <m3k74fh9qn.fsf@marin.l4b.de>

At 08:25 AM 12/29/2003, Dieter Kluenter wrote:
>ms419@freezone.co.uk writes:
>
>> I've successfully installed and configured openLDAP with TLS
>> support. I am trying to authenticate using the SASL EXTERNAL
>> mechanism, as described in the Administrator's Guide. I can use TLS,
>> but can't authenticate using EXTERNAL.
>>
>> ldapsearch -x -H "ldaps://ldap" -s base -b "" supportedSASLMechanisms
>[...]
>
>> How do I make the EXTERNAL mechanism available?
>
>You have to initiate starttls by using the flag -Z
>ldapsearch -Y EXTERNAL -ZZ -b "" -s base supportedSASLMechanisms

While -Z indicates to client to use the LDAP Start TLS
operation to initiate TLS (SSL), one can also use -H ldaps://
to implicitly initiate TLS (SSL) upon TCP connect (if the
server has been configured to support ldaps://).  See archives
for details.

The user's problem is more likely a case of not asserting
the client's certificate.

Kurt

Follow-Ups:
- Re: SASL External Mechanism
  - From: ms419@freezone.co.uk

References:
- SASL External Mechanism
  - From: ms419@freezone.co.uk
- Re: SASL External Mechanism
  - From: Dieter Kluenter <dieter@dkluenter.de>

Prev by Date: RE: About openldap and mysql databases
Next by Date: Re: OS for LDAP
Index(es):
- Chronological
- Thread