[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: No such attribute using SASL

On Thu, 14 Sep 2000, Kurt D. Zeilenga wrote:

> At 10:18 AM 9/14/00 -0400, Joseph A. Martin wrote:
> >I have OpenLDAP 2.0.1 installed and running now. I also have the Cyrus
> >SASL libraries installed. I have some dummy entries in the database
> >and when I run `ldapsearch -x` they are printed out. When I run a
> >simple `ldapsearch` I receive the following message:
> >
> >ldap_sasl_interactive_bind_s: No such attribute
> This implies that supportedSASLMechanisms attribute is not available
> in the Root DSE.  You should be able to use
>         ldapsearch -x -b "" -s base supportedSASLMechanisms
> to see what is (or isn't) listed.

I begin to stumble towards understanding...

I ran that command and found that nothing was listed. Hhm.

I read the slapd.conf man page and found reference to a few SASL
options. I put the following two lines in my slapd.conf file:

sasl-realm "LATER.DUDE"
sasl-secprops none

After adding the lines I restarted slapd and ran the search again.
This time I got the following result:

version: 2

# filter: (objectclass=*)
# requesting: supportedSASLMechanisms 

supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: ANONYMOUS

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

When I run just `ldapsearch` again I get the following:

ldap_sasl_interactive_bind_s: Unknown authentication method

I assume this is because I don't have any strong authentication setup.
Or maybe not. I'm still figuring all this out. I think I still have
some bugs to work out of my SASL configuration. For instance if I
make any changes at all to the aforementioned slapd.conf options the
SASL mechanisms dissappear again.

Still, just wanted to let you know that I am experimenting and
learning. Thanks for your e-mail. Are there any another slapd config
options I need to know about or apply? Is the behavior I am seeing

the "LaterDude" @ (martinja@ice-works.com || ICQ #52640402)

All opinions expressed are my own and not necessarily those of
my employer unless otherwise noted.