
supportedSASLMechanisms -- not found?



How can I get OpenLDAP to use the SASL libraries for authentication?
I have OpenLDAP 2.0.7, and ran configure with the following options:

./configure --prefix=/usr/local/openldap-1.2.11 \
            --exec-prefix=/usr/local/openldap-1.2.11/libexec \
            --enable-spasswd \
            --with-cyrus-sasl

I have Cyrus-SASL 1.5.24 installed.  When I start the ldap server,
and execute ldapsearch -x -s base -b "" supportedSASLMechanisms

I get back:
Version 2:

#
#filter: (objectclas=*)
# requesting supportedSASLMechanims
#

# search result
search 2:
result: 0 success

#numResponses: 1

How do I get OpenLDAP 2.0.7 to find/recognize SASL mechanisms?

Thanks 

Tom
-----Original Message-----
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Wednesday, January 17, 2001 4:23 PM
To: Mike Schiraldi
Cc: openldap-software@OpenLDAP.org
Subject: Re: ldap_sasl_interactive_bind_s: Unknown authentication method


At 04:42 PM 1/17/01 -0500, Mike Schiraldi wrote:
>I'm having trouble getting ldapsearch (2.0.7) to work with a server here.

I note that 2.0 slapd needs some work for EXTERNAL to work
(TLS authid to ACL subject DN mapping).  HEAD has code which
needs testing.  But the client *should* work.

>Netscape's (perhaps non-standards-compliant) ldapsearch tool works.
>OpenLDAP's gives the error "ldap_sasl_interactive_bind_s: Unknown
>authentication method".
>
>Browsing through the list archives, I came across
>http://www.openldap.org/lists/openldap-bugs/200010/msg00217.html
>which says, in part:
>
>> try ldapsearch -x -ZZ -s base -b "" supportedSASLMechanisms
>> 
>> If "EXTERNAL" is listed as a value, try:
>> 
>> ldapsearch -Y EXTERNAL -ZZ -s base -b "" supportedSASLMechanisms
>
>Well, sure enough, the first command gives
>"supportedSASLMechanisms: EXTERNAL"
>
>but the second gives "ldap_start_tls: Protocol error".

That's odd as there should be no difference in the two until
after the completion of the ldap_start_tls() call.  You might
try adding debugging options on the client side to determine
where their execution paths diverge.

Kurt
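
An added example, not part of either message in this thread: a small shell check that tells apart the three replies seen above (mechanisms listed, a successful search that returns no supportedSASLMechanisms value, and a failed request). The function names `sasl_mechs` and `sasl_status` are hypothetical, and the sample reply in the demo is constructed.

```shell
#!/bin/sh
# Classify the reply to:
#   ldapsearch -x -s base -b "" supportedSASLMechanisms
# Both functions read ldapsearch output on stdin.

# sasl_mechs: print one advertised mechanism per line.
# Handles LDIF folding (continuation lines start with one space) and
# case-insensitive attribute names; base64 ("::") values are ignored.
sasl_mechs() {
    awk '
        function emit(   i, name, val) {
            i = index(buf, ":")
            if (i > 1) {
                name = tolower(substr(buf, 1, i - 1))
                val = substr(buf, i + 1)
                sub(/^ +/, "", val)
                if (name == "supportedsaslmechanisms" && val != "" &&
                    substr(val, 1, 1) != ":")
                    print val
            }
            buf = ""
        }
        /^#/ { emit(); next }                    # LDIF comment
        /^ / { buf = buf substr($0, 2); next }   # unfold continuation
             { emit(); buf = $0 }
        END  { emit() }
    '
}

# sasl_status: one-line verdict.
#   advertised: <list>  server offers these SASL mechanisms
#   none-advertised     search succeeded, attribute absent (slapd has no
#                       usable SASL mechanisms loaded)
#   search-failed       no "result: 0" line, e.g. a StartTLS or bind error
sasl_status() {
    out=$(cat)
    mechs=$(printf '%s\n' "$out" | sasl_mechs)
    if [ -n "$mechs" ]; then
        echo "advertised: $(printf '%s\n' "$mechs" | paste -sd ' ' -)"
    elif printf '%s\n' "$out" | grep -q '^result: 0 '; then
        echo "none-advertised"
    else
        echo "search-failed"
    fi
}

# Demo on a constructed reply with no attribute value in it.
sasl_status <<'EOF'
# search result
result: 0 Success
EOF
```

Against a live server, pipe the ldapsearch command from the first message into `sasl_status` with `2>&1` so client-side errors are classified too.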