[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SupportedSASLMechanisms: none

To: 484109@unizar.es
Subject: Re: SupportedSASLMechanisms: none
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Fri, 29 Apr 2005 16:55:25 +0200 (CEST)
Cc: openldap-software@OpenLDAP.org
Importance: Normal
In-reply-to: <1114782766.42723c2e23819@webmail.unizar.es>
References: <1114782766.42723c2e23819@webmail.unizar.es>
User-agent: SquirrelMail/1.4.3a-1

slapd does not advertize SASL mechs that cannot be used under the
circumstances they're looked for.  For instance, if you don't use TLS or a
ldapi:// listener it doesn't advertize mechs that imply exchanging
cleartext credentials between client and server.  Example:

ldapsearch -x -H ldap:// -b '' -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: OTP
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5

ldapsearch -x -H ldapi:// -b '' -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: OTP
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: EXTERNAL

Moreover, SASL plugins must be accessible.  I'd check where your plugins
are located and what SASL_PATH is set to.

p.


> Hi,
> I have configured openLDAP --with-cyrus-sasl flag enabled but
> when I execute " ldapsearch -x -s base -b "" + " response doesn't include
> any
> supportedSASLMechanisms:
>
> <dn:
> <structuralObjectClass: OpenLDAProotDSE
> <namingContexts: dc=lab1-3,dc=cps,dc=unizar,dc=es
> <supportedControl: 2.16.840.1.113730.3.4.18
> <supportedControl: 2.16.840.1.113730.3.4.2
> <supportedControl: 1.3.6.1.4.1.4203.1.10.1
> <supportedControl: 1.2.840.113556.1.4.1413
> <supportedControl: 1.2.840.113556.1.4.1339
> <supportedControl: 1.2.840.113556.1.4.319
> <supportedControl: 1.2.826.0.1.334810.2.3
> <supportedExtension: 1.3.6.1.4.1.1466.20037
> <supportedExtension: 1.3.6.1.4.1.4203.1.11.1
> <supportedExtension: 1.3.6.1.4.1.4203.1.11.3
> <supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
> <supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
> <supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
> <supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
> <supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
> <supportedLDAPVersion: 3
> <subschemaSubentry: cn=Subschema
>
> The cysrus-sasl library is working correctly with heimdal.
> What problem can I have?
>
> Regards,
> Alejandro Moreno
>


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- SupportedSASLMechanisms: none
  - From: 484109@unizar.es

Prev by Date: Re: v2.2.24 structural object class modification not allowed
Next by Date: question about the meta backend
Index(es):
- Chronological
- Thread