[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL

To: openldap-software@openldap.org
Subject: Re: SASL
From: "Dieter Kluenter" <dieter@dkluenter.de>
Date: Sun, 02 Nov 2008 09:12:30 +0100
In-reply-to: <58eb69ab0810310923r3022389ufc3413e637640820@mail.gmail.com> (John Nietzsche's message of "Fri, 31 Oct 2008 14:23:54 -0200")
References: <58eb69ab0810310923r3022389ufc3413e637640820@mail.gmail.com>
User-agent: Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.5-b28 (linux)

"John Nietzsche" <john.nietzsche@gmail.com> writes:

> Dear list members,
>
> i have just setted, in my environment, kerberos, cyrus-sasl and
> openldap. My  host operational plataform is Debian.
>
> I am facing a situation like this: altough i configured cyrus SASL i
> can't see its mech with the following command:
>
> sioux@gustav:~/ldap$ ldapsearch -x -b "" -s base supportedSASLMechanisms
> # extended LDIF
> #
> # LDAPv3
> # base <> with scope baseObject
> # filter: (objectclass=*)
> # requesting: supportedSASLMechanisms
> #
>
> #
> dn:
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
> sioux@gustav:~/ldap$

This is probably an access control problem, do you have something like

access to dn.base="" by * read
access to dn.base=cn=subschema by * read

in your slapd.conf in order to allow anonymous read on root DSE and
subschema?
An other hint: you should not relay on google search results! If you
would have read OpenLDAP Documentation you should know that OpenLDAP
has implemeneted RFC-3673 (all operational attributes).
ldapsearch -x -b "" -s base + | grep 'supportedSASLMechanisms'

-Dieter

-- 
Dieter KlÃnter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
sip: +49.180.1555.7770535
GPG Key ID:8EF7B6C6
53Â08'09,95"N
10Â08'02,42"E

References:
- SASL
  - From: "John Nietzsche" <john.nietzsche@gmail.com>

Prev by Date: Re: userPassword
Next by Date: Re: bdb 4.6 issue with 2.4.12
Index(es):
- Chronological
- Thread