
Re: OpenLDAP session authentication

On 29/09/10 10:19 -0500, Erik Lotspeich wrote:
Hi Dan,

I hope that you don't mind if I ask a follow-up question:

root@starfish:/usr/local/etc/openldap# testsaslauthd -u erik -p XXX -s
0: OK "Success."

That works, but when I run ldapwhoami, it doesn't:

root@starfish:/usr/local/etc/openldap# ldapwhoami -Y login -U erik -H
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
       additional info: SASL(-4): no mechanism available: No worthy
mechs found

I did a search on the internet, and I ran this command:

root@starfish:/usr/local/etc/openldap# ldapsearch -x -ZZ -s base -b ""
# extended LDIF
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: ALL

objectClass: top
objectClass: OpenLDAProotDSE

# search result
search: 3
result: 0 Success

In other examples I've seen, mechanisms such as PLAIN or LOGIN are listed

Make sure you have the appropriate sasl shared libraries installed on both
your server and your client (which appears to be the same according to your
examples from above).  Use pluginviewer/saslpluginviewer to see which
server/client mechanisms you do have installed.

For instance, on a Debian system you'd need to have the libsasl2-modules

If you do have those mechanisms installed but are still not seeing them in
the '-s base -b ""' search, make sure you've added 'sasl-secprops none' to
your openldap slapd.conf.

Dan White
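
A check for the root DSE step discussed in this thread, as an added example that is not part of the original messages: it reads the LDIF from a root DSE query and reports which SASL mechanisms the server advertises. The sample LDIF is constructed and the function names are hypothetical; supportedSASLMechanisms is an operational attribute, so it only appears when requested by name or with '+'.

```shell
#!/bin/sh
# Constructed sample: LDIF of the kind returned when the attribute is named, e.g.
#   ldapsearch -x -ZZ -LLL -s base -b "" supportedSASLMechanisms
SAMPLE_WITH_MECHS='dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN'

# Constructed sample: a reply that carries user attributes only.
SAMPLE_WITHOUT_MECHS='dn:
objectClass: top
objectClass: OpenLDAProotDSE'

# Print each advertised mechanism, one per line, from LDIF on stdin.
# LDIF attribute names are case-insensitive, so compare in lower case.
sasl_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" { print toupper($2) }'
}

# Succeed if mechanism $1 is advertised in the LDIF on stdin.
mech_offered() {
    sasl_mechs | grep -qxF -- "$1"
}

# List advertised mechanisms that hand the password itself to the server.
# saslauthd can only verify these, and slapd's default security properties
# (noanonymous,noplain) keep them out of the advertised list.
cleartext_mechs() {
    sasl_mechs | grep -xE 'PLAIN|LOGIN' | sort | tr '\n' ' ' | sed 's/ $//'
}

# Summarise a root DSE reply read from stdin; non-zero if nothing is advertised.
report() {
    ldif=$(cat)
    if [ -z "$(printf '%s\n' "$ldif" | sasl_mechs)" ]; then
        echo "no supportedSASLMechanisms: attribute not requested, or no mechanisms available"
        return 1
    fi
    echo "advertised:        $(printf '%s\n' "$ldif" | sasl_mechs | tr '\n' ' ')"
    echo "password-carrying: $(printf '%s\n' "$ldif" | cleartext_mechs)"
}

printf '%s\n' "$SAMPLE_WITH_MECHS" | report
printf '%s\n' "$SAMPLE_WITHOUT_MECHS" | report || true
```

Against a live server, pipe the output of the ldapsearch command shown in the first comment into `report` instead of the samples.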