[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: No such attribute using SASL
On Thu, 14 Sep 2000, Kurt D. Zeilenga wrote:
> At 10:18 AM 9/14/00 -0400, Joseph A. Martin wrote:
> >I have OpenLDAP 2.0.1 installed and running now. I also have the Cyrus
> >SASL libraries installed. I have some dummy entries in the database
> >and when I run `ldapsearch -x` they are printed out. When I run a
> >simple `ldapsearch` I receive the following message:
> >
> >ldap_sasl_interactive_bind_s: No such attribute
>
> This implies that supportedSASLMechanisms attribute is not available
> in the Root DSE. You should be able to use
> ldapsearch -x -b "" -s base supportedSASLMechanisms
> to see what is (or isn't) listed.
I begin to stumble towards understanding...
I ran that command and found that nothing was listed. Hhm.
I read the slapd.conf man page and found reference to a few SASL
options. I put the following two lines in my slapd.conf file:
sasl-realm "LATER.DUDE"
sasl-secprops none
After adding the lines I restarted slapd and ran the search again.
This time I got the following result:
version: 2
#
# filter: (objectclass=*)
# requesting: supportedSASLMechanisms
#
#
dn:
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: ANONYMOUS
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
When I run just `ldapsearch` again I get the following:
ldap_sasl_interactive_bind_s: Unknown authentication method
I assume this is because I don't have any strong authentication setup.
Or maybe not. I'm still figuring all this out. I think I still have
some bugs to work out of my SASL configuration. For instance if I
make any changes at all to the aforementioned slapd.conf options the
SASL mechanisms dissappear again.
Still, just wanted to let you know that I am experimenting and
learning. Thanks for your e-mail. Are there any another slapd config
options I need to know about or apply? Is the behavior I am seeing
normal?
thanks,
later,
joseph
--
the "LaterDude" @ (martinja@ice-works.com || ICQ #52640402)
http://www.ice-works.com/personal/LaterDude/index.html
All opinions expressed are my own and not necessarily those of
my employer unless otherwise noted.