[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_sasl_interactive_bind_s: Unknown authentication method



At 04:42 PM 1/17/01 -0500, Mike Schiraldi wrote:
>I'm having trouble getting ldapsearch (2.0.7) to work with a server here.

I note that 2.0 slapd needs some work for EXTERNAL to work
(TLS authid to ACL subject DN mapping).  HEAD has code which
needs testing.  But the client *should* work.

>Netscape's (perhaps non-standards-compliant) ldapsearch tool works.
>OpenLDAP's gives the error "ldap_sasl_interactive_bind_s: Unknown
>authentication method".
>
>Browsing through the list archives, i came across 
>http://www.openldap.org/lists/openldap-bugs/200010/msg00217.html
>which says, in part:
>
>> try ldapsearch -x -ZZ -s base -b "" supportedSASLMechanisms
>> 
>> If "EXTERNAL" is listed as a value, try:
>> 
>> ldapsearch -Y EXTERNAL -ZZ -s base -b "" supportedSASLMechanisms
>
>Well, sure enough, the first command gives
>"supportedSASLMechanisms: EXTERNAL"
>
>but the second gives "ldap_start_tls: Protocol error".

That's odd as there should be no difference in the two until
after the completion of the ldap_start_tls() call.  You might
try adding debugging options on the client side to determine
where their execution paths diverge.

Kurt