
SASL EXTERNAL with URLs other than ldapi://



Hi, all!!

This may be a silly question, but... how can I use SASL's "EXTERNAL"
mechanism with OpenLDAP over network connections (ldap:// and ldaps://
URLs)?  Here at my site I can see "supportedSASLMechanisms: EXTERNAL"
only when connecting via a ldapi:// URL.

I have "TLSVerifyClient try" in slapd.conf (but I tried with "allow"
and "demand" too, without success).  I tested SASL authentication using
LOGIN and GSSAPI mechs, and it works fine.

What am I doing wrong??

Thanks in advance!!

P.S.: there are some queries I performed with my current setup


("EXTERNAL" doesn't show up using "ldap://" URLs)
# ldapsearch -x -H ldap://localhost -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: GSSAPI

(It's not available using TLS or SSL)
# ldapsearch -x -Z -H ldap://localhost -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: GSSAPI

(But it looks fine when I connect via socket)
# ldapsearch -x -H ldapi:///var/run/ldapi -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: EXTERNAL