[Date Prev][Date Next]
RE: [CONFUSED] OpenLDAP 2.0.x,2.1.x sasl differences *was*OpenLDAP sasl authentication from non localhost?
This is probably because Cyrus 1.5's SASL-DIGEST mech didn't implement
the checks on the Digest-URI field of the handshake. Just a guess, I
haven't looked at it.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: firstname.lastname@example.org
> [mailto:email@example.com]On Behalf Of Edward Rudd
> Sent: Monday, June 02, 2003 5:14 PM
> To: OpenLDAP; Cyrus-SASL
> Subject: Re: [CONFUSED] OpenLDAP 2.0.x,2.1.x sasl differences
> *was*OpenLDAP sasl authentication from non localhost?
> OK I loaded up another system and put a openldap 2.1.x installation on
> it.. (Vmware is awesome).. that system can connect to my openldap
> 2.1.19 server fine w/ sasl authentication..
> My RH 7.3 box with openldap 2.0.27 however can only
> authenticate to the
> 2.1.19 server if I use CRAM-MD5.. if I use DIGEST-MD5 I give me the
> previously mentioned error.. Is this a cyrus issue?? an openldap
> issue?? or what??
> I thought the SASL protocol was a standard specification and didn't
> change between the 1.5 and 2.1 revisions.. I know the programming API
> changed... But should apps written to a network based sasl
> protocl work
> with both ???
> at least this sort gets around one issue I'm having.. Now on
> to getting
> ldapdb to correctly work
> On Mon, 2003-06-02 at 11:53, Edward Rudd wrote:
> > I finally have openldap 2.1.19 up and running and doing sasl
> > authentication. but only from the local machine.. If I try to run
> > ldapsearch on another system and use the -h parameter it
> fails.. ie..
> > ldapsearch -h devel -U firstname.lastname@example.org -b o=MyOrg,c=US
> > I get back this error
> > ldap_sasl_interactive_bind_s: Invalid credentials
> > additional info: SASL(-13): authentication failure: client
> > response doesn't match what we generated
> > Any clue why??
> > the client machine is running openldap 2.0.27 and cyrus-sasl-1.5.24
> > (stock RH 7.3)
> Edward Rudd <email@example.com>