
Re: [OpenLDAP][Authentication] SASL



The supported SASL mechanisms are CRAM-MD5 and DIGEST-MD5
[tkeith@kif ~]$ ldapsearch -x -H ldap://localhost -b "" -s base supportedSASLMechanisms
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: supportedSASLMechanisms
#

#
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

But this returns "no mechanism available":

ldapwhoami -v -ZZZ -Y EXTERNAL -h localhost
ldap_initialize( ldap://localhost )
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available:

Tim

On Fri, Jan 22, 2016 at 11:36 AM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
> Please keep replies to the list.
>
> --Quanah
>
>
> --On Friday, January 22, 2016 11:26 AM -0600 Timothy Keith
> <timothy.g.keith@gmail.com> wrote:
>
>> ldapwhoami -v -ZZ -Y EXTERNAL -h localhost
>> ldap_initialize( ldap://localhost )
>> SASL/EXTERNAL authentication started
>> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>>         additional info: SASL(-4): no mechanism available:
>>
>>
>> ldapsearch -h localhost -LLL -Y EXTERNAL -b "" -s base +
>> SASL/EXTERNAL authentication started
>> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>>         additional info: SASL(-4): no mechanism available:
>>
>>
>> Tim
>>
>> On Fri, Jan 22, 2016 at 10:10 AM, Quanah Gibson-Mount <quanah@zimbra.com>
>> wrote:
>>>
>>> --On Friday, January 22, 2016 9:38 AM -0600 Timothy Keith
>>> <timothy.g.keith@gmail.com> wrote:
>>>
>>>> The first attempt fails :
>>>>
>>>> ldapwhoami -v -ZZ -Y EXTERNAL
>>>> ldap_initialize( <DEFAULT> )
>>>> ldap_start_tls: Connect error (-11)
>>>>         additional info: TLS: hostname does not match CN in peer
>>>> certificate
>>>
>>>
>>>
>>> Why do you expect this to work?  You failed to supply -H with a valid
>>> ldap:// URI.
>>>
>>>> This also fails :
>>>>
>>>> ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base +
>>>> ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
>>>
>>>
>>>
>>> Why do you expect this to work?  You passed -H without providing a host.
>>>
>>> --Quanah
>>>
>>>
>>>>
>>>> Tim
>>>>
>>>>
>>>> On Thu, Jan 21, 2016 at 7:43 PM, Sergio NNX <sfhacker@hotmail.com>
>>>> wrote:
>>>>>>
>>>>>>
>>>>>> My scenario is relatively simple.
>>>>>
>>>>>
>>>>> Simple, but it doesn't work, right?
>>>>>
>>>>> Are you after something similar to the output below?
>>>>>
>>>>> ldapwhoami -v -ZZ -Y EXTERNAL
>>>>>
>>>>> SASL/EXTERNAL authentication started
>>>>> SASL username: 2.5.4.13=End User Certificate (OpenLDAP
>>>>> 2.4.43),2.5.4.5=1234-2015
>>>>> -UK,title=Mr,ou=Finance Department,o=MateAR.eu IT
>>>>> Solutions,l=Westminster,st=Lon
>>>>> don,c=GB,email=info@matear.eu,0.9.2342.19200300.100.1.1=Administrator,
>>>>> dc =EU,cn=A dministrator
>>>>> SASL SSF: 0
>>>>> dn:description=end user certificate (openldap
>>>>> 2.4.43),serialNumber=1234-2015-uk,
>>>>> title=mr,ou=finance department,o=matear.eu it
>>>>> solutions,l=westminster,st=london,
>>>>> c=gb,email=info@matear.eu,uid=administrator,dc=eu,cn=administrator
>>>>> Result: Success (0)
>>>>>
>>>>>
>>>>> ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base +
>>>>>
>>>>> SASL/EXTERNAL authentication started
>>>>> SASL username: 2.5.4.13=End User Certificate (OpenLDAP
>>>>> 2.4.43),2.5.4.5=1234-2015
>>>>> -UK,title=Mr,ou=Finance Department,o=MateAR.eu IT
>>>>> Solutions,l=Westminster,st=Lon
>>>>> don,c=GB,email=info@matear.eu,0.9.2342.19200300.100.1.1=Administrator,
>>>>> dc =EU,cn=A dministrator
>>>>>
>>>>>
>>>>> SASL SSF: 0
>>>>> dn:
>>>>> structuralObjectClass: OpenLDAProotDSE
>>>>> configContext: cn=config
>>>>> monitorContext: cn=Monitor
>>>>> namingContexts: dc=my-domain,dc=com
>>>>> supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
>>>>> supportedControl: 2.16.840.1.113730.3.4.18
>>>>> supportedControl: 2.16.840.1.113730.3.4.2
>>>>> supportedControl: 1.3.6.1.4.1.4203.1.10.1
>>>>> supportedControl: 1.3.6.1.1.22
>>>>> supportedControl: 1.2.840.113556.1.4.319
>>>>> supportedControl: 1.2.826.0.1.3344810.2.3
>>>>> supportedControl: 1.3.6.1.1.13.2
>>>>> supportedControl: 1.3.6.1.1.13.1
>>>>> supportedControl: 1.3.6.1.1.12
>>>>> supportedExtension: 1.3.6.1.4.1.1466.20037
>>>>> supportedExtension: 1.3.6.1.4.1.4203.1.11.1
>>>>> supportedExtension: 1.3.6.1.4.1.4203.1.11.3
>>>>> supportedExtension: 1.3.6.1.1.8
>>>>> supportedFeatures: 1.3.6.1.1.14
>>>>> supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
>>>>> supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
>>>>> supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
>>>>> supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
>>>>> supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
>>>>> supportedLDAPVersion: 3
>>>>> supportedSASLMechanisms: SRP
>>>>> supportedSASLMechanisms: SCRAM-SHA-1
>>>>> supportedSASLMechanisms: GSSAPI
>>>>> supportedSASLMechanisms: GSS-SPNEGO
>>>>> supportedSASLMechanisms: DIGEST-MD5
>>>>> supportedSASLMechanisms: EXTERNAL
>>>>> supportedSASLMechanisms: OTP
>>>>> supportedSASLMechanisms: CRAM-MD5
>>>>> supportedSASLMechanisms: NTLM
>>>>> supportedSASLMechanisms: LOGIN
>>>>> supportedSASLMechanisms: PLAIN
>>>>> entryDN:
>>>>> subschemaSubentry: cn=Subschema
>>>>>
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Quanah Gibson-Mount
>>> Platform Architect
>>> Zimbra, Inc.
>>> --------------------
>>> Zimbra ::  the leader in open source messaging and collaboration
>
>
>
>
> --
>
> Quanah Gibson-Mount
> Platform Architect
> Zimbra, Inc.
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration
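
Added example, not part of the original thread: a small parser for the rootDSE LDIF that ldapsearch prints, reporting whether the mechanism passed to -Y is among the advertised supportedSASLMechanisms. The sample input is constructed (with a folded line and a base64 value to exercise LDIF parsing), and the LEGACY set and function names are this example's own assumptions.

```python
import base64

# Constructed sample shaped like the rootDSE result in the post.
SAMPLE_LDIF = """\
# extended LDIF
# requesting: supportedSASLMechanisms
#
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms:: RElHRVNULU1ENQ==
supportedSASLMecha
 nisms: PLAIN

# search result
search: 2
result: 0 Success
"""

# Assumption of this example: cleartext or MD5-based mechanisms worth flagging.
LEGACY = {"CRAM-MD5", "DIGEST-MD5", "PLAIN", "LOGIN", "NTLM"}

def unfold(text):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def sasl_mechanisms(ldif_text):
    """Return supportedSASLMechanisms values from rootDSE LDIF, in order."""
    mechs = []
    for line in unfold(ldif_text):
        attr, _, value = line.partition(":")
        if line.startswith("#") or attr.strip().lower() != "supportedsaslmechanisms":
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        mechs.append(value.strip().upper())
    return mechs

def check(ldif_text, wanted):
    """Report whether `wanted` is advertised, and which entries are legacy."""
    mechs = sasl_mechanisms(ldif_text)
    return {"offered": wanted.upper() in mechs, "advertised": mechs,
            "legacy": [m for m in mechs if m in LEGACY]}
```

slapd builds this list per connection, so the rootDSE query should be run over the same transport and TLS settings as the bind being diagnosed.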