[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: SASL(-4): no mechanism available
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Robin SP Zhang
> Hi,
> I want to use TLS to connect to LDAP server, but it failed.
> the debug info is
>
> ...
> TLS trace: SSL_connect:SSLv3 read finished A
> ldap_interactive_sasl_bind_s: user selected: EXTERNAL
> ldap_int_sasl_bind: EXTERNAL
> SASL/EXTERNAL authentication started
> ldap_perror
> ldap_sasl_interactive_bind_s: Unknown authentication method (86)
> additional info: SASL(-4): no mechanism available:
>
> I traced the routine, and found that it is failed because auth_id of
> external
> is NULL, auth_id seems come from certificate, then I found that
> SSL_get_certificate return NULL in tls.c, so I doubted that
> my configuration about TLS client has some error.
> I configure it in ldap.conf as
>
> TLS_CACERT E:\\OpenLDAP\\SYSCONF\\server.pem
> SASL_SECPROPS none
>
> Is it right ? or I created a wrong certificate?
The SASL/EXTERNAL mechanism is only for use when you want to authenticate
with a client certificate. If all you want is to use TLS with a
password-based login, then you should not be using SASL/EXTERNAL. If you want
to login with SASL/EXTERNAL, you need to create a client certificate and add
its location to your .ldaprc file.
Read the Admin Guide, it's already explained there.
http://www.openldap.org/doc/admin21/
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support