[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pass-through authentication

To: Timothy Keith <timothy.g.keith@gmail.com>
Subject: Re: pass-through authentication
From: Dan White <dwhite@cafedemocracy.org>
Date: Thu, 21 Jan 2016 14:31:28 -0600
Cc: Dan White <dwhite@cafedemocracy.org>, openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <CAGraDoHjmdv_3b-50GSZj7+fAHu5G6r4HnMF7hZt=vEHs5dsCw@mail.gmail.com>
References: <CAGraDoF0w4dpTqs4nmL3x5-1UY+zTYAfrY8t+Zavkz2S9rNc9A@mail.gmail.com> <20160104191606.GC3692@dan.olp.net> <CAGraDoEOfU5p4TBuNBzjmJoTGA3cPw_0FQALJikNo+RFH4nuZg@mail.gmail.com> <E23D1B6612D098A7BB0E057C@192.168.1.9> <CAGraDoEtwh9ELSMatak4oarPvB4n8CNd1pZEFX57N2W+_Sf4Xw@mail.gmail.com> <CAGraDoGieaSmjqLJy_AZDLb71XoGRMYXqnhN245B7hq_LJoNjw@mail.gmail.com> <CAGraDoG0dj=LpoTWxLUWz1xUBQ8683GNvFSf48BTNkzUxpDZXg@mail.gmail.com> <CAGraDoHDJ_=uo3swgyna1evP7Z_nRQVi5dsG_hVb0SCPLOj6qw@mail.gmail.com> <20160108203428.GE3710@dan.olp.net> <CAGraDoHjmdv_3b-50GSZj7+fAHu5G6r4HnMF7hZt=vEHs5dsCw@mail.gmail.com>
User-agent: Mutt/1.5.24 (2015-08-30)

You can view your config with:

slapcat -n0

And verify that object exists.

If you're receiving this error due to an ACL problem, verify you
have the proper configuration in place to authenticate as the rootdn using
sasl/external. See the slapd-config manpage, and see section 15.2 (and in
particular 15.2.5) of the Administrator's guide, and reference your
OS/distro documentation.

On 01/21/16 12:35 -0600, Timothy Keith wrote:

I commented the  mech_list in slapd.conf

The ldapsearch result is now No such object

ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b cn=config
"(|(cn=config)(olcDatabase={1}hdb))"
No such object (32)

On Fri, Jan 8, 2016 at 2:34 PM, Dan White <dwhite@cafedemocracy.org> wrote:

On 01/07/16 17:24 -0600, Timothy Keith wrote:


ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b cn=config
"(|(cn=config)(olcDatabase={1}hdb))"
ldap_sasl_interactive_bind_s: Authentication method not supported (7)
       additional info: SASL(-4): no mechanism available:



I'm missing some context here. Most likely you have a mech_list hard coded
in your slapd.conf sasl, which does not include the external mech.

References:
- Re: pass-through authentication
  - From: Timothy Keith <timothy.g.keith@gmail.com>
- Re: pass-through authentication
  - From: Dan White <dwhite@cafedemocracy.org>
- Re: pass-through authentication
  - From: Timothy Keith <timothy.g.keith@gmail.com>
- Re: pass-through authentication
  - From: Timothy Keith <timothy.g.keith@gmail.com>
- Re: pass-through authentication
  - From: Timothy Keith <timothy.g.keith@gmail.com>
- Re: pass-through authentication
  - From: Timothy Keith <timothy.g.keith@gmail.com>
- Re: pass-through authentication
  - From: Dan White <dwhite@cafedemocracy.org>
- Re: pass-through authentication
  - From: Timothy Keith <timothy.g.keith@gmail.com>

Prev by Date: Re: pass-through authentication
Next by Date: Re: [OpenLDAP][Authentication] SASL
Index(es):
- Chronological
- Thread