Re: OpenLDAP session authentication
Erik Lotspeich wrote on 05.10.2010 at 22:04:
I have two questions/concerns:
1. If I leave the "-Y plain" option off of the argument list to
ldapsearch, I get "Invalid credentials":
As far as I know from other SASL using software (like Postfix), the
client always chooses the "securest" available mechanism offered by the
So if you do not minimize the mechanism offered, the client tries a
mechanism that might not be intended to be used.
[openldap may do it in another way, anyway - but I don't think so.]
I don't think this file will be used. The file must be named like the
application name the software communicates to SASL, which is slapd for
the openldap server.
I have a configuration file in /usr/local/sasl2 for slapd.conf; I
tried adding one for ldapsearch:
root@starfish:/usr/lib/sasl2# cat ldapsearch.conf
pwcheck_method: saslauthd
mech_list: plain
Did you set
in slapd.conf in /usr/local/sasl2 to tell slapd to just offer PLAIN?
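
An added example, not part of the original message: one way to check which SASL mechanisms slapd actually advertises, since a client left to choose may pick one other than PLAIN. The host, the sample root DSE output and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: root DSE output in the form returned by
#   ldapsearch -x -H ldap://localhost -b "" -s base -LLL supportedSASLMechanisms
# (host and mechanism list are assumptions, not taken from the thread).
sample_rootdse() {
cat <<'EOF'
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: PLAIN
EOF
}

# Print each advertised mechanism, upper-cased, one per line (LDIF on stdin).
offered_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" { print toupper($2) }'
}

# Print every advertised mechanism that is not in the allow-list
# ($1, space separated). Empty output means slapd offers only what was intended.
unexpected_mechs() {
    allowed=" $(printf '%s' "$1" | tr '[:lower:]' '[:upper:]') "
    offered_mechs | while read -r mech; do
        case "$allowed" in
            *" $mech "*) ;;                  # intended mechanism, ignore
            *) printf '%s\n' "$mech" ;;      # offered but not intended
        esac
    done
}

# Run against the constructed sample with PLAIN as the only intended mechanism.
sample_rootdse | unexpected_mechs "plain"
```

Against a live server, pipe the real ldapsearch output into `unexpected_mechs "plain"` in place of `sample_rootdse`.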