Re: SASL EXTERNAL with URLs other than ldapi://
On Thu, 10 Feb 2005 firstname.lastname@example.org wrote:
> Well, actually, I am performing tests at the server itself, and my
> ldap.conf file contains:
You cannot specify TLS_(KEY|CERT) in ldap.conf. These are user-only
options (.ldaprc). See man ldap.conf.
> where myhost.crt and myhost.key are the same files I am currently using at
> server's setup (as parameters for TLSCertificateFile and
> TLSCertificateKeyFile. The CA certificate file is also the same).
A client certificate more than likely is going to be different from the
server certificate. Do you have your cert DN in your directory or
have you mapped the cert DN into LDAP DN?
> Even trying with SSL (ldaps://...), TLS (-Z - or even -ZZ), SASL with
> GSSAPI, etc, etc, the result is always the same: the "EXTERNAL" SASL
> mechanism doesn't show up :\
> I'm using openldap 2.2.13 and Cyrus SASL 2.1.19 at a Fedora Core 3 Linux.
> My other test box is a FC1, with openldap 2.1.22 and SASL 2.1.15, and its
> behavior is exactly the same :\
> ... searching the iNet, I have found some reports of installations in
> which a single "ldapsearch -x -h localhost ..." was able to "magically"
> list the "EXTERNAL" mechanism, but... I could not figure out what is the
> difference between those and mine :\
> Btw, does somebody have the "EXTERNAL" sasl mech. available via ldap:// or
I have it working. This will only work for ldaps://. SASL EXTERNAL uses
TLS for authentication among other things. SASL EXTERNAL is also
available over ldapi.
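
The pieces this reply points at, put together as an added example (not part of the original messages): the client certificate and key go in the per-user `.ldaprc`, the server has to request a client certificate, and the certificate DN is mapped to an LDAP DN. All paths, DNs and the `jdoe` user are constructed placeholders; `sasl-regexp` is the directive name in the 2.1/2.2 releases mentioned in the thread.

```conf
# ---- client side: ~/.ldaprc (per-user file) ----
# TLS_CERT and TLS_KEY are user-only options, so they belong here and not in
# the system-wide ldap.conf. Paths are constructed placeholders for a
# certificate issued to the user, not the server's myhost.crt/myhost.key.
TLS_CACERT  /etc/openldap/cacert.pem
TLS_CERT    /home/jdoe/.ldap/jdoe.crt
TLS_KEY     /home/jdoe/.ldap/jdoe.key

# ---- server side: slapd.conf ----
# Directory part of these paths is an assumption; file names follow the thread.
TLSCACertificateFile   /etc/openldap/cacert.pem
TLSCertificateFile     /etc/openldap/myhost.crt
TLSCertificateKeyFile  /etc/openldap/myhost.key

# Request a client certificate during the TLS handshake. With the default
# (never) slapd does not ask for one, so there is no certificate identity for
# SASL EXTERNAL to use. "try" also requests a certificate but still lets
# clients without one connect.
TLSVerifyClient        demand

# Map the certificate subject DN to a directory entry (both DNs constructed).
# Only needed when the subject DN is not itself an entry in the directory.
sasl-regexp "^cn=([^,]+),ou=clients,o=example$" "uid=$1,ou=people,dc=example,dc=com"
```

With both sides configured, `ldapwhoami -H ldaps://myhost.example.com -Y EXTERNAL` (host name is a placeholder) reports the DN the server derived from the certificate, which is a quick way to check the mapping.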