Re: [OpenLDAP][Authentication] SASL

[Quanah Gibson-Mount <quanah@zimbra.com>]

--On Friday, January 22, 2016 9:38 AM -0600 Timothy Keith 
<timothy.g.keith@gmail.com> wrote:

> The first attempt fails :
>
> ldapwhoami -v -ZZ -Y EXTERNAL
> ldap_initialize( <DEFAULT> )
> ldap_start_tls: Connect error (-11)
>         additional info: TLS: hostname does not match CN in peer
> certificate

Why do you expect this to work?  You failed to supply -H with a valid 
ldap:// URI.

> This also fails :
>
> ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base +
> ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

Why do you expect this to work?  You passed -H without providing a host.

--Quanah


> Tim
>
>
> On Thu, Jan 21, 2016 at 7:43 PM, Sergio NNX <sfhacker@hotmail.com> wrote:
> > > My scenario is relatively simple.
> > Simple, but it doesn't work, right?
> >
> > Are you after something similar to the output below?
> >
> > ldapwhoami -v -ZZ -Y EXTERNAL
> >
> > SASL/EXTERNAL authentication started
> > SASL username: 2.5.4.13=End User Certificate (OpenLDAP
> > 2.4.43),2.5.4.5=1234-2015
> > -UK,title=Mr,ou=Finance Department,o=MateAR.eu IT
> > Solutions,l=Westminster,st=Lon
> > don,c=GB,email=info@matear.eu,0.9.2342.19200300.100.1.1=Administrator,dc
> > =EU,cn=A dministrator
> > SASL SSF: 0
> > dn:description=end user certificate (openldap
> > 2.4.43),serialNumber=1234-2015-uk,
> > title=mr,ou=finance department,o=matear.eu it
> > solutions,l=westminster,st=london,
> > c=gb,email=info@matear.eu,uid=administrator,dc=eu,cn=administrator
> > Result: Success (0)
> >
> >
> > ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base +
> >
> > SASL/EXTERNAL authentication started
> > SASL username: 2.5.4.13=End User Certificate (OpenLDAP
> > 2.4.43),2.5.4.5=1234-2015
> > -UK,title=Mr,ou=Finance Department,o=MateAR.eu IT
> > Solutions,l=Westminster,st=Lon
> > don,c=GB,email=info@matear.eu,0.9.2342.19200300.100.1.1=Administrator,dc
> > =EU,cn=A dministrator
> > SASL SSF: 0
> > dn:
> > structuralObjectClass: OpenLDAProotDSE
> > configContext: cn=config
> > monitorContext: cn=Monitor
> > namingContexts: dc=my-domain,dc=com
> > supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
> > supportedControl: 2.16.840.1.113730.3.4.18
> > supportedControl: 2.16.840.1.113730.3.4.2
> > supportedControl: 1.3.6.1.4.1.4203.1.10.1
> > supportedControl: 1.3.6.1.1.22
> > supportedControl: 1.2.840.113556.1.4.319
> > supportedControl: 1.2.826.0.1.3344810.2.3
> > supportedControl: 1.3.6.1.1.13.2
> > supportedControl: 1.3.6.1.1.13.1
> > supportedControl: 1.3.6.1.1.12
> > supportedExtension: 1.3.6.1.4.1.1466.20037
> > supportedExtension: 1.3.6.1.4.1.4203.1.11.1
> > supportedExtension: 1.3.6.1.4.1.4203.1.11.3
> > supportedExtension: 1.3.6.1.1.8
> > supportedFeatures: 1.3.6.1.1.14
> > supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
> > supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
> > supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
> > supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
> > supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
> > supportedLDAPVersion: 3
> > supportedSASLMechanisms: SRP
> > supportedSASLMechanisms: SCRAM-SHA-1
> > supportedSASLMechanisms: GSSAPI
> > supportedSASLMechanisms: GSS-SPNEGO
> > supportedSASLMechanisms: DIGEST-MD5
> > supportedSASLMechanisms: EXTERNAL
> > supportedSASLMechanisms: OTP
> > supportedSASLMechanisms: CRAM-MD5
> > supportedSASLMechanisms: NTLM
> > supportedSASLMechanisms: LOGIN
> > supportedSASLMechanisms: PLAIN
> > entryDN:
> > subschemaSubentry: cn=Subschema



--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration