
RE: SASL External : unknown authentication method



> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Francois Beretti

> hello all
>
> I get this error :
>
> [francois@linux-integ francois]$ ldapsearch -ZZ -Y EXTERNAL
> ldap_sasl_interactive_bind_s: Unknown authentication method (86)
>         additional info: SASL(-4): no mechanism available: No worthy mechs found

Your debug log indicates that the server configuration is OK. The problem
seems to be that the client is unable to use the EXTERNAL mechanism. The "No
worthy mechs found" message usually means that the available mechanisms
didn't provide strong enough security. Perhaps your SSL settings negotiated a
cleartext cipher or some other weak encoding. Or the SSL session may be fine,
but the information about the session could not be retrieved. Since you're
using OpenSSL 0.9.6b, I'll note that I've run into certificate problems when
client and server used different versions of the OpenSSL library, and
versions less than 0.9.6e are all suspect.

Run the ldapsearch with debugging enabled and see what it's doing.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support
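
A small triage helper for the points raised in the reply above, added here as an example and not part of the original message or of OpenLDAP: it recognises the error text quoted in the thread and flags OpenSSL versions that are older than 0.9.6e or that differ between client and server. The function names and the `-d 1` debug level are assumptions.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not OpenLDAP tooling.
LC_ALL=C; export LC_ALL

# True when the text is the client-side failure quoted in this thread:
# LDAP result 86 together with SASL(-4) "no mechanism available".
is_no_worthy_mechs() {
    printf '%s\n' "$1" | grep -q 'Unknown authentication method (86)' &&
        printf '%s\n' "$1" | grep -q 'SASL(-4): no mechanism available'
}

# True when an OpenSSL version string (0.9.6b style) is older than 0.9.6e,
# the floor named in the reply. Components compare numerically, then the
# patch letter breaks ties.
openssl_is_suspect() {
    floor=0.9.6e
    [ "$1" = "$floor" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$floor" |
        sort -t. -k1,1n -k2,2n -k3,3n -k3,3 | head -n 1)
    [ "$oldest" = "$1" ]
}

# Print one finding per line for the error text and both library versions.
# $1 = ldapsearch stderr, $2 = client OpenSSL, $3 = server OpenSSL
triage() {
    is_no_worthy_mechs "$1" || { echo "different-failure"; return 0; }
    echo "client-cannot-use-EXTERNAL"
    [ "$2" = "$3" ] || echo "openssl-version-mismatch"
    if openssl_is_suspect "$2"; then echo "client-openssl-suspect"; fi
    if openssl_is_suspect "$3"; then echo "server-openssl-suspect"; fi
}

# Live use (assumes ldapsearch and openssl on PATH; the server version is
# supplied by hand because the client cannot query it):
#   err=$(ldapsearch -ZZ -Y EXTERNAL -d 1 2>&1)
#   triage "$err" "$(openssl version | cut -d' ' -f2)" "SERVER_VERSION"
```

The `openssl` binary on the client may not be the same build that `ldapsearch` is linked against, so treat the reported client version as a first approximation.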