[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP as a SASL backend

To: openldap-software@openldap.org
Subject: Re: OpenLDAP as a SASL backend
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Tue, 23 Oct 2007 19:15:29 +0200
In-reply-to: <d25e0d550710230304l2555456dycba279608ca6e555@mail.gmail.com> (Zohar Lev Shani's message of "Tue, 23 Oct 2007 12:04:40 +0200")
References: <d25e0d550710110313l47a0cccch28a944a7bed8a70@mail.gmail.com> <470E5A70.2050405@olp.net> <d25e0d550710230304l2555456dycba279608ca6e555@mail.gmail.com>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b28 (linux)

"Zohar Lev Shani" <levshani5252@gmail.com> writes:

> OK, got that.
>
> Now I am trying a different SASL configuration, and I have these
> mechanisms available:
>
>> ldapsearch -h localhost:9999 -x -b '' supportedSASLMechanisms -s base -LLL
> dn:
> supportedSASLMechanisms: LOGIN
> supportedSASLMechanisms: PLAIN
>
> With the same data, I tried running ldapsearch with SASL and got that
> there are no SASL mechanisms available.
>
>> ldapsearch -h localhost:9999 -Y PLAIN -U user1 -w pass1 -LLL -b cn=user1,cn=users,dc=my-domain,dc=com
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>         additional info: SASL(-4): no mechanism available: No worthy mechs found
>
> Same goes for '-Y LOGIN'.
>
> What am I missing here?

OpenLDAP only supports PLAIN and LOGIN if data transport is secured
that is either by TLS or local pipe. Install sasl libdigestmd5 and
libcrammd5 to provide shared secret security.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6

References:
- OpenLDAP as a SASL backend
  - From: "Zohar Lev Shani" <levshani5252@gmail.com>
- Re: OpenLDAP as a SASL backend
  - From: Dan White <dwhite@olp.net>
- Re: OpenLDAP as a SASL backend
  - From: "Zohar Lev Shani" <levshani5252@gmail.com>

Prev by Date: Re: Using paged results, between 2.2.26 and 2.3.38.
Next by Date: reducing information duplication
Index(es):
- Chronological
- Thread