[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP + SASL

To: "Pierangelo Masarati" <ando@sys-net.it>
Subject: Re: OpenLDAP + SASL
From: "Matt Heitzenroder" <matt@roderco.net>
Date: Fri, 07 May 2004 09:23:12 -0400
Cc: <openldap-software@OpenLDAP.org>
References: <004d01c43431$9e0bc5b0$0e01a8c0@CELLO> <PITMAIL02PikMAOt7dK000087cd@pitmail02.gac.com> <44392.131.175.154.56.1083935906.squirrel@webmail.sys-net.it>

clear now, thanks (ya learn something new every day)

now only if i could get this pesky ldap & sasl to work 

"Pierangelo Masarati" <ando@sys-net.it> wrote:
>
>This is how getopt(3) and ALL UN*X programs work: if you specify an option
>(a '-' followed by a letter or a number) which REQUIRES a value, the value
>  MUST be present.  If you use "-Y" you MUST specify the mechanism; if you
>want the client to choose the best, don't use "-Y".  Is it clear, now?
>
>p.
>
>
>> From the man page:
>>        -Y mech
>>               Specify  the  SASL  mechanism  to be used for
>> authentication.
>> If
>>               it's not specified, the program will choose the  best
>> mechanism
>>               the server knows.
>>
>> I assume i can specify the agrument to the option, but to me it sounds
>> like it can't find any mechanism to use.
>>
>> Anyhow, this is neither here nor there
>>
>> When I use: ldapsearch -h localhost -p 389 -x -b "" -s base -L
>> supportedSASLMechanisms
>>
>> i get this:
>>
>> debian:/tmp# ldapsearch -h localhost -p 389 -x -b "" -s base -L
>> supportedSASLMechanisms
>> version: 1
>>
>> #
>> # LDAPv3
>> # base <> with scope base
>> # filter: (objectclass=*)
>> # requesting: supportedSASLMechanisms
>> #
>>
>> #
>> dn:
>>
>> # search result
>>
>> # numResponses: 2
>> # numEntries: 1
>> debian:/tmp#
>>
>> What should i be looking for if i'm expecting
>>
>> supportedSASLMechanisms: ANONYMOUS
>> supportedSASLMechanisms: GSSAPI
>>
>>
>>
>> "Howard Chu" <hyc@highlandsun.com> wrote:
>>>
>>>> -----Original Message-----
>>>> From: owner-openldap-software@OpenLDAP.org
>>>> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Matt
>>>> Heitzenroder
>>>
>>>> Thanks for your help, unfortunately i'm pretty new to ldap
>>>> and i really
>>>> don't understand what you mean.  can you further explain it to me?
>>>
>>>Reread the ldapsearch(1) man page and see how the "-Y" option is
>>> supposed to be used. You cannot specify it by itself, it expects an
>>> argument. The argument should be the name of a valid SASL mechanism.
>>>
>>>> "Pierangelo Masarati" <ando@sys-net.it> wrote:
>>>> >
>>>> >
>>>> >> debian:/usr/lib/sasl2# ldapsearch -h localhost -p 389 -Y
>>>> -s base -LLL
>>>> >
>>>> >-Y requires the mech you selected as an argument; see ldapsearch(1)
>>>> (and any other client's manpage, they work exactly the same)
>>>
>>>  -- Howard Chu
>>>  Chief Architect, Symas Corp.       Director, Highland Sun
>>>  http://www.symas.com               http://highlandsun.com/hyc
>>>  Symas: Premier OpenSource Development and Support
>>>
>>>
>>>
>>
>> ~~~~~~~~~~~~~~~~~~
>> Matt Heitzenroder
>> RoderCo, LLC
>> http://www.roderco.net
>> 412.779.6100
>> ~~~~~~~~~~~~~~~~~~
>
>
>-- 
>Pierangelo Masarati
>mailto:pierangelo.masarati@sys-net.it
>
>
>
>
>    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
>
>
>

~~~~~~~~~~~~~~~~~~
Matt Heitzenroder
RoderCo, LLC
http://www.roderco.net
412.779.6100
~~~~~~~~~~~~~~~~~~

References:
- RE: OpenLDAP + SASL
  - From: "Howard Chu" <hyc@highlandsun.com>
- Re: OpenLDAP + SASL
  - From: "Matt Heitzenroder" <matt@roderco.net>
- Re: OpenLDAP + SASL
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: Re: OpenLDAP + SASL
Next by Date: Re: OpenLDAP + SASL
Index(es):
- Chronological
- Thread