RE: "ldapsearch -I" doesn't give desired result .. working !
-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Monday, January 08, 2001 8:43 PM
To: Jankok, Lucio
Cc: openldap-software@OpenLDAP.org
Subject: Re: "ldapsearch -I" doesn't give desired result
At 10:36 AM 1/8/01 +0100, Jankok, Lucio wrote:
>I have qmail-ldap working with cyrus-sasl but not completely, I would
>like to get it working completely.
>
>I have two questions;
> 1) I would like to know how I can make "ldapsearch -I" to return
> the supported sasl mechanism without having to explicitly
> specify the mechanism.
: Whenever -Y is not specified (and SASL authentication is used),
: the client will attempt to anonymously read the supportedSASLMechanisms
: attribute from the root DSE. This can fail for many reasons (such
: as ACLs or no supported mechanisms).
Yes! Once I changed my ACL and gave anonymous read access on the database,
I got "ldapsearch -I" working.
: The client will then select the "best" mechanism from the listed
: one it also supports.
Correct, I will get; "SASL/DIGEST-MD5 authentication started"
> 2) I would like to know how I can make "ldapsearch -I -Y mechanism"
> authenticate from the sasldb database.
:Well, the answer to this question is complex. There are multiple
:mechanisms which are affected by numerous factors.
I got this working by including the following in the "/etc/openldap/slapd.conf"
file;
# sasl's stuff
sasl-host my.full.hostname
sasl-realm mymachinename
sasl-secprops noplain
Kind Regards,
Lucio Jankok
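
Added example, not part of the original thread: a shell check of the mechanism discovery discussed above, reading root DSE LDIF and flagging the cleartext mechanisms that "sasl-secprops noplain" is meant to exclude. The sample LDIF, the placeholder host and the function names are constructed for illustration, and treating PLAIN and LOGIN as the cleartext set is an assumption.

```shell
#!/bin/sh
# Added example: report which SASL mechanisms a root DSE advertises.
# Live input would come from an anonymous base search (host is a placeholder):
#   ldapsearch -x -H ldap://ldap.example.com -s base -b "" supportedSASLMechanisms

# Constructed sample LDIF so the script runs offline.
sample_rootdse() {
    cat <<'EOF'
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: LOGIN
EOF
}

# Print one mechanism per line from LDIF on stdin.
# LDAP attribute names are case-insensitive, so compare in lower case.
list_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" { print $2 }'
}

# Exit status: 0 = only non-cleartext mechanisms offered,
#              1 = PLAIN or LOGIN offered (assumed cleartext set),
#              2 = nothing visible (ACL blocks the read, or no mechanisms).
audit() {
    mechs=$(list_mechs)
    if [ -z "$mechs" ]; then
        echo "no mechanisms visible: check root DSE ACLs and the SASL setup"
        return 2
    fi
    weak=$(printf '%s\n' "$mechs" | grep -E -x 'PLAIN|LOGIN' | paste -s -d ' ' -)
    if [ -n "$weak" ]; then
        echo "cleartext mechanisms offered: $weak"
        return 1
    fi
    echo "ok: $(printf '%s\n' "$mechs" | paste -s -d ' ' -)"
    return 0
}

# Run against the constructed sample; keep going if the audit reports a finding.
sample_rootdse | audit || echo "audit exit status: $?"
```

Exit status 2 corresponds to the case Kurt describes, where the anonymous read of the root DSE returns nothing. For discovery only the root DSE has to be anonymously readable; in current OpenLDAP releases that is the slapd.conf rule access to dn.base="" by * read, which is narrower than anonymous read on the whole database.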