[Date Prev][Date Next]
Re: SASL problems.
* Mathias wrote:
> Hello all!
> I've struggled for days now, trying to get authentication working in
> OpenLDAP. With no luck. It boils down to a SASL problem, I
> think. Searching for any relevant information hasn't helped much.
> The problem:
> When doing authentication or something other than simple binds I get:
> "ldap_sasl_interactive_bind_s: Unknown authentication method"
How is the command you invoked? You have to use -x .
> This was with the following search:
> 'ldapsearch -H ldaps:/// -I -b "" -s base -LLL supportedSASLMechanisms'
> 'ldapsearch -H ldaps:/// -x -b "" -s base -LLL supportedSASLMechanisms'
> I get: supportedSASLMechanisms: PLAIN
> supportedSASLMechanisms: LOGIN
> I've searched the list-archive numerous times, but I can't find exactly
> what the problem is. I found a HOWTO by Turbo Fredriksson which describes
> a problem with Cyrus SASL v1.5.24, but I'm not sure how to move on from
> here. I saw somewhere in the SASL docs that you have to recompile all
> programs using the SASL libs when installing a new one. Does this mean I
> have to recompile OpenLDAP? The new SASL libs I built should have the same
> version number as the ones preinstalled on my system(RH 7.1).
> My goal: To get authentication working over TLS/SSL. I haven't played with
> kerberos yet, but I think configure included it. I configured and compiled
> OpenLDAP-2.0.11 with the following parameters:
> configure --with-tls --with-cyrus-sasl
> make depend etc.
> Everything went fine and all tests were successful. But using TLS with
> clients will not work.
Have you installed pam_ldap and nss_ldap?
Have configured pam properly?
> Please help me. I'm stuck.
If you don't use Kerberos to authenticate your user, you did'nt need
SASL. If you use Kerberos(V5) you need cyrus-sasl with --enable-gssapi.
.´ `. bye
: :' ! Waldemar
`. `´ Debian/GNU Linux