Re: authentication problem

[Michael Ströder <michael@stroeder.com>]

Dan White wrote:
> On 15/05/11 17:59 +0430, Mohammad D wrote:
>> I have installed openldap 2.4.23 on windows server 2003. when I run this
>> query on ldapsearch:
>> ldapsearch -h directory.verisign.com -b "cn=<*>" "(o=*)"
>> "certificaterevocationlist"
>> I get the following error:
>> SASL/EXTERNAL authentication started
>> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>>        additional info: SASL(-4): no mechanism available:
>>
>> I installed MIT kerberos but it did not solve the problem.
>> any one know whats the issue and how can it be solved?
> 
> Did you build cyrus sasl with GSSAPI support?

Dan, why do you ask for GSSAPI?

I guess the original poster just wants to use command-line option -x for
simple anonymous bind. Also the search base (-b) seems to be wrong. It should
be -b "" for an empty search base.

I doubt that this will work anyway. Playing around with
ldap://directory.verisign.com it returns

Server is unwilling to perform:
Presence filter is unsupported

when searching with filter (o=*). Frankly I don't know whether this server is
usable anymore for anything one would consider useful. That's the reason I
removed it from the default select list in web2ldap's demo server.

Side note:
Verisign publishes its CRLs via HTTP: http://crl.verisign.com/

Ciao, Michael.