Re: supportedSASLMechanisms not Work in Debian Lenny

["Dieter Kluenter" <dieter@dkluenter.de>]

Jarbas Peixoto JÃnior <jarbas.junior@gmail.com> writes:

> I have two servers:
>
>    * Server A: Debian Etch - Works Fine
>
>    * Server B: Debian Lenny - Do not Works supportedSASLMechanisms EXTERNAL
>
> In Server A I have:
>
> # ldapsearch -v -H ldap://server-Etch -b "" -LLL -s base supportedSASLMechanisms
> -ZZ
> ldap_initialize( ldap://server-Etch )
> SASL/EXTERNAL authentication started
> SASL username: emailAddress=jarbas.peixoto@previdencia.gov.br,CN=jarbas.peixoto,OU=DATAPREV,O=Previdencia
> Social,L=Campo Grande,ST=Mato Grosso do Sul,C=BR
> SASL SSF: 0
> filter: (objectclass=*)
> requesting: supportedSASLMechanisms
> dn:
> supportedSASLMechanisms: PLAIN
> supportedSASLMechanisms: DIGEST-MD5
> supportedSASLMechanisms: LOGIN
> supportedSASLMechanisms: NTLM
> supportedSASLMechanisms: CRAM-MD5
> supportedSASLMechanisms: EXTERNAL
>
> In Server B I have:
>
> # ldapsearch -v -H ldap://server-Lenny -b "" -LLL -s base
> supportedSASLMechanisms -ZZ
> ldap_initialize( ldap://server-Lenny:389/??base )
> ldap_start_tls: Connect error (-11
>
> #  ldapsearch -v -H ldap://server-Lenny -b "" -LLL -s base
> supportedSASLMechanisms -ZZ -d 1
> ldap_url_parse_ext(ldap://server-Lenny)
[...]
> Jan 29 18:17:22 server-Lenny slapd[12945]: conn=99 fd=21 closed (TLS negotiation
> failure)
>
>
> This is very important for use openldap with user certificates.

This is most likely not an OpenLDAP issue but a Debian issue. Probably
OpenSSL vs. GnuTLS. Check the linked libraries.

-Dieter

-- 
Dieter KlÃnter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
sip: +49.180.1555.7770535
GPG Key ID:8EF7B6C6
53Â08'09,95"N
10Â08'02,42"E