
Re: "ldapsearch -I" doesn't give desired result



At 10:36 AM 1/8/01 +0100, Jankok, Lucio wrote:
>I have qmail-ldap working with cyrus-sasl but not completely, I would
>like to get it working completely.
>
>I have two questions; 
>        1) I would like to know how I can make "ldapsearch -I" to return
>            the supported sasl mechanism without having to explicitly
>            specify the mechanism.

Whenever -Y is not specified (and SASL authentication is used),
the client will attempt to anonymously read the supportedSASLMechanisms
attribute from the root DSE.  This can fail for many reasons (such
as ACLs or no supported mechanisms).

The client will then select the "best" mechanism from the listed
ones it also supports.

>        2) I would like to know how I can make "ldapsearch -I -Y mechanism"
>             authenticate from the sasldb database. 

Well, the answer to this question is complex.  There are multiple
mechanisms which are affected by numerous factors.

I generally suggest folks get the Cyrus sample client/server
working first (for service 'ldap') then test slapd/ldapsearch
with explicit arguments before attempting to use interactive
or automatic modes.
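
The mechanism discovery described in the reply, as an added example that is not part of the original message and not OpenLDAP's code: it parses root DSE output in LDIF form and picks a mechanism both sides support, reporting the failure cases the reply mentions. The preference order, the function names and the sample LDIF are assumptions made for illustration.

```python
import base64

# Hypothetical preference order (most preferred first), for illustration only;
# a real SASL library ranks mechanisms by its own security properties.
PREFERENCE = ["GSSAPI", "DIGEST-MD5", "CRAM-MD5", "PLAIN"]

# Constructed root DSE output, shaped like the result of an anonymous
# base-scope search such as:
#   ldapsearch -x -b "" -s base supportedSASLMechanisms
SAMPLE_LDIF = """\
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms:: Q1JBTS1NRDU=
supportedsaslmechanisms: PLA
 IN
"""

def unfold(ldif):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def advertised_mechanisms(ldif):
    """Return the supportedSASLMechanisms values found in root DSE LDIF."""
    mechs = []
    for line in unfold(ldif):
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "supportedsaslmechanisms":
            continue  # attribute names are case-insensitive
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("ascii")
        mechs.append(value.strip().upper())
    return mechs

def select_mechanism(ldif, client_mechs):
    """Pick the most preferred mechanism both sides support, or say why not."""
    server = advertised_mechanisms(ldif)
    if not server:
        return None, "no supportedSASLMechanisms readable (ACLs, or none configured)"
    common = [m for m in PREFERENCE if m in server and m in client_mechs]
    if not common:
        return None, "no mechanism in common; server offers " + ", ".join(server)
    return common[0], "selected from " + ", ".join(common)
```

An empty result from `advertised_mechanisms` corresponds to the failure case in the reply, and is the point at which naming the mechanism explicitly with -Y is the fallback.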