[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP as a SASL backend

"Zohar Lev Shani" <levshani5252@gmail.com> writes:

> OK, got that.
> Now I am trying a different SASL configuration, and I have these
> mechanisms available:
>> ldapsearch -h localhost:9999 -x -b '' supportedSASLMechanisms -s base -LLL
> dn:
> supportedSASLMechanisms: LOGIN
> supportedSASLMechanisms: PLAIN
> With the same data, I tried running ldapsearch with SASL and got that
> there are no SASL mechanisms available.
>> ldapsearch -h localhost:9999 -Y PLAIN -U user1 -w pass1 -LLL -b cn=user1,cn=users,dc=my-domain,dc=com
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>         additional info: SASL(-4): no mechanism available: No worthy mechs found
> Same goes for '-Y LOGIN'.
> What am I missing here?

OpenLDAP only supports PLAIN and LOGIN if data transport is secured
that is either by TLS or local pipe. Install sasl libdigestmd5 and
libcrammd5 to provide shared secret security.


Dieter Klünter | Systemberatung