[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: TLS/SASL problems

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of alan milligan

> Hi,
> Someone asked a question somewhat similar to this the other day and did not
> receive a relevant answer at all.  I too am very interested in the answer as
> it must be a very basic question.

Yes indeed. So basic, in fact, that it is on the FAQ (with the answer).
Perhaps that's why no one bothered to answer the specific email.

> I have installed openldap-2.0.19 and cyrus-sasl-1.5.27 and have authldap
> working fine as long as I don't use TLS or SASL.  I run Linux 2.4.12 and
> OpenSSL-0.9.6b.
> I have been doing a lot of frustrating testing over the last couple of weeks
> with the ldapsearch client, again to no avail.  As long as I use the -x
> option ( simple authentication instead of SASL), it works fine.  But when I
> try SASL authentication, I get a failure with: ldap_sasl_interactive_bind_s:
> No such attribute
> Debug on slapd suggests the attribute is supportedSASLMechanisms:

The FAQ is a bit terse, here's a more detailed explanation:

Slapd fills the supportedSASLMechanisms attribute with values taken directly
from the SASL library. If your slapd does not report this attribute, that means
it didn't get any mechanism names from SASL. If you have SASL installed on your
server, this means that you have not configured it correctly. You should run
the SASL sample client and server first to verify that you have SASL configured
properly. If those programs succeed, then slapd should report the supported

Note that searching the archive of this mailing list would also turn up this
same answer, several times.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support