SASL External : unknown authentication method



hello all

I get this error :

[francois@linux-integ francois]$ ldapsearch -ZZ -Y EXTERNAL
ldap_sasl_interactive_bind_s: Unknown authentication method (86)
        additional info: SASL(-4): no mechanism available: No worthy mechs found

ldapsearch -Z works well, my server and client certs are both valid,
I got :
TLSCertificateFile      /etc/openldap/tls/cert.pem
TLSCertificateKeyFile   /etc/openldap/tls/cert.key
TLSCACertificateFile    /demoCA/cacert.pem
TLSVerifyClient         demand
in my slapd.conf.

the CA cert is indicated in /etc/openldap/ldap.conf
the client cert and key file are specified in .ldaprc

some useful info :

[francois@linux-integ francois]$ ldapsearch -x -ZZ -s base -b "" supportedSASLMechanisms
# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: supportedSASLMechanisms
#

#
dn:
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: EXTERNAL

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

[francois@linux-integ francois]$ ldapsearch -Y EXTERNAL -ZZ -s base -b "" supportedSASLMechanisms
ldap_sasl_interactive_bind_s: Unknown authentication method (86)
        additional info: SASL(-4): no mechanism available: No worthy mechs found


the slapd log when I start ldapsearch -ZZ -Y EXTERNAL :

[root@linux-integ root]# slapd -d 1
[...]
slapd startup: initiated.
slapd starting
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ber_scanf fmt (m) ber:
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({m) ber:
send_ldap_extended: err=0 oid= len=0
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write certificate request A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
TLS certificate verification: depth: 1, err: 0, subject: /DC=local/DC=enatel/CN=Certificate Authority, issuer: /DC=local/DC=enatel/CN=Certificate Authority
TLS certificate verification: depth: 0, err: 0, subject: /DC=local/DC=enatel/OU=people/CN=francois, issuer: /DC=local/DC=enatel/CN=Certificate Authority
TLS trace: SSL_accept:SSLv3 read client certificate A
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read certificate verify A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
=> ldap_dn2bv(16)
<= ldap_dn2bv(cn=francois,ou=people,dc=enatel,dc=local,16)=0
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next on fd 9 failed errno=0 (Success)
connection_read(9): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=9 for close
connection_close: deferring conn=0 sd=9
connection_resched: attempting closing conn=0 sd=9
connection_close: conn=0 sd=9
TLS trace: SSL3 alert write:warning:close notify
slap_sig_shutdown: signal 2
slap_sig_shutdown: signal 2
daemon: shutdown requested and initiated.
slapd shutdown: waiting for 0 threads to terminate
slap_sig_shutdown: signal 2
slapd shutdown: initiated
ldbm backend syncing
ldbm backend done syncing
====> cache_release_all
slapd shutdown: freeing system resources.
slapd stopped.

please help me !! :-)
one month ago I had got sasl/external working, I hadn't got this error,
on the same system (but reinstalled since that moment, so maybe I missed
a package or something) :

red hat linux 8.0
openldap 2.1.17 from Jehan Procaccia rpm (2.1.17-1)
cyrus-sasl 2.1.10-1
openssl 0.9.6b-29

thanks in advance,

Francois Beretti