Re: pass-through authentication
On Wed, Dec 30, 2015 at 7:04 PM, Dan White <dwhite@cafedemocracy.org> wrote:
Is DIGEST-MD5 available on your ldap server? Try:
ldapsearch -LLL -x -H ldap://1.2.3.4 -s "base" -b "" supportedSASLMechanisms
On 12/31/15 09:51 -0600, Timothy Keith wrote:
Dan, that ldapsearch returns :
dn:
supportedSASLMechanisms: PLAIN
On Mon, Jan 4, 2016 at 1:16 PM, Dan White <dwhite@cafedemocracy.org> wrote:
On 01/04/16 09:41 -0600, Timothy Keith wrote:
ldapwhoami -Y PLAIN -H ldap://182.19.136.42 -U testuser
produces :
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available: No worthy mechs found
On 01/04/16 14:47 -0600, Timothy Keith wrote:
pluginviewer returned this, as well as several other plugins :
List of server plugins follows
Plugin "plain" [loaded], API version: 4
SASL mechanism: PLAIN, best SSF: 0, supports setpass: no
security flags: NO_ANONYMOUS
features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Something doesn't add up here. The remote server claims to support sasl
plain, and your local server claims to support it as well.
I suppose your server could be claiming support, but not really supporting
it without a security layer, in which case you might investigate doing
ssl/starttls.
See if you can get a hold of any logs from the server.
--
Dan White
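
An added example, not part of the original message and not OpenLDAP or Cyrus SASL code: a simplified Python model of how a SASL client can discard an advertised mechanism such as PLAIN when no security layer is present, one way to arrive at the "No worthy mechs found" result in the thread. The required-flags policy, the TLS strength value, and the DIGEST-MD5 table entry are assumptions made for the illustration.

```python
# Added illustration: simplified model of SASL client mechanism filtering.
# Flag names follow the pluginviewer output in the thread; the policy is assumed.

NOPLAINTEXT = "NO_PLAINTEXT"
NOANONYMOUS = "NO_ANONYMOUS"

# Constructed plugin table: mechanism -> security flags the plugin provides.
# The PLAIN entry matches the pluginviewer line quoted in the thread.
CLIENT_PLUGINS = {
    "PLAIN": {NOANONYMOUS},
    "DIGEST-MD5": {NOANONYMOUS, NOPLAINTEXT},  # constructed entry
}

# rootDSE reply as shown in the thread
ROOT_DSE = "dn:\nsupportedSASLMechanisms: PLAIN\n"


def parse_root_dse(ldif):
    """Collect supportedSASLMechanisms values from rootDSE LDIF text."""
    mechs = []
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "supportedsaslmechanisms":
            mechs.append(value.strip().upper())
    return mechs


def worthy_mechs(advertised, plugins, required, external_ssf=0):
    """Return the advertised mechanisms the client is willing to use."""
    needed = set(required)
    # Assumption: an external layer such as TLS lifts the NO_PLAINTEXT demand,
    # because the password no longer crosses the wire in the clear.
    if external_ssf > 1:
        needed.discard(NOPLAINTEXT)
    usable = []
    for mech in advertised:
        flags = plugins.get(mech)
        if flags is None:
            continue  # advertised by the server, but no client plugin
        if needed <= flags:
            usable.append(mech)
    return usable


if __name__ == "__main__":
    advertised = parse_root_dse(ROOT_DSE)
    policy = {NOPLAINTEXT, NOANONYMOUS}  # assumed client security properties
    print("cleartext:", worthy_mechs(advertised, CLIENT_PLUGINS, policy))
    print("over TLS: ", worthy_mechs(advertised, CLIENT_PLUGINS, policy, 256))
```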