[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pass-through authentication

On Wed, Dec 30, 2015 at 7:04 PM, Dan White <dwhite@cafedemocracy.org> wrote:
Is DIGEST-MD5 available on your ldap server? Try:

ldapsearch -LLL -x -H ldap:// -s "base" -b ""

On 12/31/15 09:51 -0600, Timothy Keith wrote:
Dan, that ldapsearch returns :
supportedSASLMechanisms: PLAIN

On Mon, Jan 4, 2016 at 1:16 PM, Dan White <dwhite@cafedemocracy.org> wrote:
On 01/04/16 09:41 -0600, Timothy Keith wrote:

ldapwhoami -Y PLAIN -H ldap:// -U testuser

produces :

ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
       additional info: SASL(-4): no mechanism available: No worthy mechs

On 01/04/16 14:47 -0600, Timothy Keith wrote:
pluginviewer returned this, as well as several other plugins :

List of server plugins follows

Plugin "plain" [loaded],        API version: 4
       SASL mechanism: PLAIN, best SSF: 0, supports setpass: no
       security flags: NO_ANONYMOUS

Something doesn't add up here. The remote server claims to support sasl
plain, and your local server claims to support it as well.

I suppose your server could be claiming support, but not really supporting
it without a security layer, in which case you might investigate doing

See if you can get a hold of any logs from the server.

Dan White