[Date Prev][Date Next]
Re: SASL problems.
At 04:48 AM 2001-08-24, Mathias Meisfjordskar wrote:
>I've struggled for days now, trying to get authentication working in
>OpenLDAP. With no luck. It boils down to a SASL problem, I
>think. Searching for any relevant information hasn't helped much.
>When doing authentication or something other than simple binds I get:
>"ldap_sasl_interactive_bind_s: Unknown authentication method"
>This was with the following search:
>'ldapsearch -H ldaps:/// -I -b "" -s base -LLL supportedSASLMechanisms'
>'ldapsearch -H ldaps:/// -x -b "" -s base -LLL supportedSASLMechanisms'
>I get: supportedSASLMechanisms: PLAIN
> supportedSASLMechanisms: LOGIN
I assume you have gotten the Cyrus SASL sample client/server to work.
This is a required first step.
This implies that the client is unwilling to use PLAIN or LOGIN.
You may have to toy with SASL options. Also, using -Y to specify
the SASL mechanism will avoid discovery headaches (which doesn't
appear to be a problem in your case).
You might also try with -ZZ instead of ldaps://.
>My goal: To get authentication working over TLS/SSL. I haven't played with
>kerberos yet, but I think configure included it.
It's best to avoid OpenLDAP w/ Kerberos IV (as this is namely for LDAPv2)
and use OpenLDAP w/ SASL/GSSAPI (for Kerberos V) instead.