[Date Prev][Date Next]
Re: SASL EXTERNAL with URLs other than ldapi://
Well, actually, I am performing tests at the server itself, and my
ldap.conf file contains:
where myhost.crt and myhost.key are the same files I am currently using at
server's setup (as parameters for TLSCertificateFile and
TLSCertificateKeyFile. The CA certificate file is also the same).
Ever trying with SSL (ldaps://...), TLS (-Z - or ever -ZZ), SASL with
GSSAPI, etc, etc, the result is always the same: the "EXTERNAL" SASL
mechanism doesn't shows up :\
I'm using openldap 2.2.13 and Cyrus SASL 2.1.19 at a Fedora Core 3 Linux.
My other test box is a FC1, with openldap 2.1.22 and SASL 2.1.15, and its
behavior is exactly the same :\
... searching the iNet, I have found some reports of installations in
which a single "ldapsearch -x -h localhost ..." was able to "magically"
list the "EXTERNAL" mechanism, but... I could not figure out what is the
difference between those and mine :\
Btw, does somebody have the "EXTERNAL" sasl mech. available via ldap:// or
Thanks very much, folks!!
> On Thu, 10 Feb 2005, Jan-Piet Mens wrote:
>> On Thu Feb 10 2005 at 15:38:43 CET, Rodolfo Broco Manin wrote:
>>> This may be a silly question, but... how can I use SASL's "EXTERNAL"
>>> mechamism with OpenLDAP over network connections (ldap:// and ldaps://
>>> URLs)? Here at my site I can see "supportedSASLMechanisms: EXTERNAL"
>>> only when connecting via a ldapi:// URL.
>>> (It's not available using TLS or SSL)
>>> # ldapsearch -x -Z -H ldap://localhost -b "" -LLL -s base
>> Try forcing TLS with another -Z or using ldaps://localhost
>> $ ldapsearch -x -ZZ -H ldap://localhost -b "" -LLL -s base
>> $ ldapsearch -x -H ldaps://localhost -b "" -LLL -s base
> You need to setup a client certificate. I assume your server is properly
> configured for TLS. See http://www.openldap.org/doc/admin22/tls.html for