[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
SASL EXTERNAL & Debian
The SASL EXTERNAL mechanism is working with OpenLDAP on my OS X
machine, but not on my Debian machines.
"slapd.conf", "ldap.conf", and "~/.ldaprc" are essentially identical on
all machines.
"slapd.conf" contains:
---
TLSCACertificateFile /etc/openldap/cacert.pem
TLSVerifyClient demand
---
and "~/.ldaprc" contains:
---
TLS_CERT /etc/openldap/cert.pem
TLS_KEY /etc/openldap/key.pem
---
On the OS X machine, "ldapsearch -h gol -ZZ -Y EXTERNAL -s base -b ""
supportedSASLMechanisms":
---
SASL/EXTERNAL authentication started
SASL username: CN=gol
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: supportedSASLMechanisms
#
#
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: EXTERNAL
# search result
search: 3
result: 0 Success
# numResponses: 2
# numEntries: 1
---
but on either Debian machine, "ldapsearch -h gol -ZZ -Y EXTERNAL -s
base -b "" supportedSASLMechanisms":
---
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (86)
additional info: SASL(-4): no mechanism available:
---
I'm running up-to-date versions of SASL and OpenLDAP:
---
ii libsasl2 2.1.18-4 Authentication abstraction library
ii slapd 2.1.29-2 OpenLDAP server (slapd)
---
I suspect that, since the EXTERNAL mechanism is working with one
distribution (OS X) and not another (Debian), it must be compiled
differently in each case? I've been through the SASL installation
documentation, however, and can't figure out what's necessary to enable
the EXTERNAL mechanism.
Any help much appreciated!
Thanks,
Jack