[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL problems.

To: openldap-software@OpenLDAP.org
Subject: Re: SASL problems.
From: Waldemar Brodkorb <waldemar.brodkorb@web.de>
Date: Fri, 24 Aug 2001 20:22:00 +0200
Content-disposition: inline
In-reply-to: <Pine.LNX.4.21.0108241308370.1363-100000@marwin>
References: <Pine.LNX.4.21.0108241308370.1363-100000@marwin>
User-agent: Mutt/1.3.20i

Hello Mathias,

* Mathias wrote:

> 
> Hello all!
> 
> I've struggled for days now, trying to get authentication working in
> OpenLDAP. With no luck. It boils down to a SASL problem, I
> think. Searching for any relevant information hasn't helped much.
> 
> The problem:
> When doing authentication or something other than simple binds I get:
> "ldap_sasl_interactive_bind_s: Unknown authentication method"

How is the command you invoked? You have to use -x .
 
> This was with the following search:
> 'ldapsearch -H ldaps:/// -I -b "" -s base -LLL supportedSASLMechanisms'
> 
> Using;
> 'ldapsearch -H ldaps:/// -x -b "" -s base -LLL supportedSASLMechanisms'
> 
> I get: 	supportedSASLMechanisms: PLAIN
> 	supportedSASLMechanisms: LOGIN
> 
> I've searched the list-archive numerous times, but I can't find exactly  
> what the problem is. I found a HOWTO by Turbo Fredriksson which describes
> a problem with Cyrus SASL v1.5.24, but I'm not sure how to move on from
> here. I saw somewhere in the SASL docs that you have to recompile all
> programs using the SASL libs when installing a new one. Does this mean I
> have to recompile OpenLDAP? The new SASL libs I built should have the same
> version number as the ones preinstalled on my system(RH 7.1).
> 
> My goal: To get authentication working over TLS/SSL. I haven't played with
> kerberos yet, but I think configure included it. I configured and compiled
> OpenLDAP-2.0.11 with the following parameters:
> 
> CPPFLAGS=-I<my-path-to-ssl>
> LDFLAGS=-L<my-path-to-openssl-libs>
> 
> configure --with-tls --with-cyrus-sasl
> 
> make depend etc.
> 
> Everything went fine and all tests were successful. But using TLS with
> clients will not work.

Have you installed pam_ldap and nss_ldap?
Have configured pam properly?
 
> Please help me. I'm stuck.

If you don't use Kerberos to authenticate your user, you did'nt need
SASL. If you use Kerberos(V5) you need cyrus-sasl with --enable-gssapi.  

-- 
    __
  .´  `.                    bye  
  : :' !                        Waldemar
  `. `´  Debian/GNU Linux
    `-

References:
- SASL problems.
  - From: Mathias Meisfjordskar <mathiasm@ifi.uio.no>

Prev by Date: Re: SASL authentication - please help
Next by Date: Problem with OpenLDAP 2.0.11 and JNDI
Index(es):
- Chronological
- Thread