[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL problems.

Hello Mathias,

* Mathias wrote:

> Hello all!
> I've struggled for days now, trying to get authentication working in
> OpenLDAP. With no luck. It boils down to a SASL problem, I
> think. Searching for any relevant information hasn't helped much.
> The problem:
> When doing authentication or something other than simple binds I get:
> "ldap_sasl_interactive_bind_s: Unknown authentication method"

How is the command you invoked? You have to use -x .
> This was with the following search:
> 'ldapsearch -H ldaps:/// -I -b "" -s base -LLL supportedSASLMechanisms'
> Using;
> 'ldapsearch -H ldaps:/// -x -b "" -s base -LLL supportedSASLMechanisms'
> I get: 	supportedSASLMechanisms: PLAIN
> 	supportedSASLMechanisms: LOGIN
> I've searched the list-archive numerous times, but I can't find exactly  
> what the problem is. I found a HOWTO by Turbo Fredriksson which describes
> a problem with Cyrus SASL v1.5.24, but I'm not sure how to move on from
> here. I saw somewhere in the SASL docs that you have to recompile all
> programs using the SASL libs when installing a new one. Does this mean I
> have to recompile OpenLDAP? The new SASL libs I built should have the same
> version number as the ones preinstalled on my system(RH 7.1).
> My goal: To get authentication working over TLS/SSL. I haven't played with
> kerberos yet, but I think configure included it. I configured and compiled
> OpenLDAP-2.0.11 with the following parameters:
> CPPFLAGS=-I<my-path-to-ssl>
> LDFLAGS=-L<my-path-to-openssl-libs>
> configure --with-tls --with-cyrus-sasl
> make depend etc.
> Everything went fine and all tests were successful. But using TLS with
> clients will not work.

Have you installed pam_ldap and nss_ldap?
Have configured pam properly?
> Please help me. I'm stuck.

If you don't use Kerberos to authenticate your user, you did'nt need
SASL. If you use Kerberos(V5) you need cyrus-sasl with --enable-gssapi.  

  .´  `.                    bye  
  : :' !                        Waldemar
  `. `´  Debian/GNU Linux