[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL problems.

At 04:48 AM 2001-08-24, Mathias Meisfjordskar wrote:

>Hello all!
>I've struggled for days now, trying to get authentication working in
>OpenLDAP. With no luck. It boils down to a SASL problem, I
>think. Searching for any relevant information hasn't helped much.
>The problem:
>When doing authentication or something other than simple binds I get:
>"ldap_sasl_interactive_bind_s: Unknown authentication method"
>This was with the following search:
>'ldapsearch -H ldaps:/// -I -b "" -s base -LLL supportedSASLMechanisms'
>'ldapsearch -H ldaps:/// -x -b "" -s base -LLL supportedSASLMechanisms'
>I get:  supportedSASLMechanisms: PLAIN
>        supportedSASLMechanisms: LOGIN

I assume you have gotten the Cyrus SASL sample client/server to work.
This is a required first step.

This implies that the client is unwilling to use PLAIN or LOGIN.
You may have to toy with SASL options.  Also, using -Y to specify
the SASL mechanism will avoid discovery headaches (which doesn't
appear to be a problem in your case).

You might also try with -ZZ instead of ldaps://.

>My goal: To get authentication working over TLS/SSL. I haven't played with
>kerberos yet, but I think configure included it.

It's best to avoid OpenLDAP w/ Kerberos IV (as this is namely for LDAPv2)
and use OpenLDAP w/ SASL/GSSAPI (for Kerberos V) instead.