[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP + SASL

To: <matt@roderco.net>
Subject: Re: OpenLDAP + SASL
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Fri, 7 May 2004 15:18:26 +0200 (CEST)
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <PITMAIL02PikMAOt7dK000087cd@pitmail02.gac.com>
References: <004d01c43431$9e0bc5b0$0e01a8c0@CELLO> <PITMAIL02PikMAOt7dK000087cd@pitmail02.gac.com>

This is how getopt(3) and ALL UN*X programs work: if you specify an option
(a '-' followed by a letter or a number) which REQUIRES a value, the value
  MUST be present.  If you use "-Y" you MUST specify the mechanism; if you
want the client to choose the best, don't use "-Y".  Is it clear, now?

p.


> From the man page:
>        -Y mech
>               Specify  the  SASL  mechanism  to be used for
> authentication.
> If
>               it's not specified, the program will choose the  best
> mechanism
>               the server knows.
>
> I assume i can specify the agrument to the option, but to me it sounds
> like it can't find any mechanism to use.
>
> Anyhow, this is neither here nor there
>
> When I use: ldapsearch -h localhost -p 389 -x -b "" -s base -L
> supportedSASLMechanisms
>
> i get this:
>
> debian:/tmp# ldapsearch -h localhost -p 389 -x -b "" -s base -L
> supportedSASLMechanisms
> version: 1
>
> #
> # LDAPv3
> # base <> with scope base
> # filter: (objectclass=*)
> # requesting: supportedSASLMechanisms
> #
>
> #
> dn:
>
> # search result
>
> # numResponses: 2
> # numEntries: 1
> debian:/tmp#
>
> What should i be looking for if i'm expecting
>
> supportedSASLMechanisms: ANONYMOUS
> supportedSASLMechanisms: GSSAPI
>
>
>
> "Howard Chu" <hyc@highlandsun.com> wrote:
>>
>>> -----Original Message-----
>>> From: owner-openldap-software@OpenLDAP.org
>>> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Matt
>>> Heitzenroder
>>
>>> Thanks for your help, unfortunately i'm pretty new to ldap
>>> and i really
>>> don't understand what you mean.  can you further explain it to me?
>>
>>Reread the ldapsearch(1) man page and see how the "-Y" option is
>> supposed to be used. You cannot specify it by itself, it expects an
>> argument. The argument should be the name of a valid SASL mechanism.
>>
>>> "Pierangelo Masarati" <ando@sys-net.it> wrote:
>>> >
>>> >
>>> >> debian:/usr/lib/sasl2# ldapsearch -h localhost -p 389 -Y
>>> -s base -LLL
>>> >
>>> >-Y requires the mech you selected as an argument; see ldapsearch(1)
>>> (and any other client's manpage, they work exactly the same)
>>
>>  -- Howard Chu
>>  Chief Architect, Symas Corp.       Director, Highland Sun
>>  http://www.symas.com               http://highlandsun.com/hyc
>>  Symas: Premier OpenSource Development and Support
>>
>>
>>
>
> ~~~~~~~~~~~~~~~~~~
> Matt Heitzenroder
> RoderCo, LLC
> http://www.roderco.net
> 412.779.6100
> ~~~~~~~~~~~~~~~~~~


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it




    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Follow-Ups:
- Re: OpenLDAP + SASL
  - From: "Matt Heitzenroder" <matt@roderco.net>

References:
- RE: OpenLDAP + SASL
  - From: "Howard Chu" <hyc@highlandsun.com>
- Re: OpenLDAP + SASL
  - From: "Matt Heitzenroder" <matt@roderco.net>

Prev by Date: Re: OpenLDAP + SASL
Next by Date: Fw: RE: No Such Object Error: I can't solve
Index(es):
- Chronological
- Thread