[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: How to check if slapd is TLS/SASL aware?
The first one actually says that it could not authenticate you using your current
credentials. That's why "bind" is in the function name.
Sorry, it's actually 'ldapsearch -x -b "" -s base supportedSASLMechanisms'. The
command I gave actually would print out the dn's right below the
"supportedSASLMechanisms" branch. It's not a branch, though. The "-s base" only
prints out the entry itself. supportedSASLMechanisms is actually an attribute that
is part of the null dn (the base dn).
The first one obviously says that SASL is enabled on one of the two sides. If the
client came with the server, it's both. Now, as far as using the currently included
mechanisms, that's beyond me (I've only used GSSAPI).
Bob Tanner wrote:
> Quoting Tomas Maly (malyprogservices@flashmail.com):
> > ldapsearch -b "" -s one supportedSASLMechanisms
> >
> > That should tell you what SASL modules are enabled. If slapd is TLS enabled,
> > you can pass the '-ZZ' parameter to authenticate and as long as is doesn't
> > print out an error code, it works.
>
> That command give me the following:
>
> % ldapsearch -b "" -s one supportedSASLMechanisms
> ldap_sasl_interactive_bind_s: No such attribute
>
> Throwing in a "-x", I get this:
>
> % ldapsearch -x -b "" -s one supportedSASLMechanisms
> version: 2
>
> #
> # filter: (objectclass=*)
> # requesting: supportedSASLMechanisms
> #
>
> # search result
> search: 2
> result: 32 No such object
>
> # numResponses: 1
>
> So, I am a little confused. First attempt says it cannot bind using sasl, second
> attempt using simple auth works, but does not list and SASL Mechanisms. BUT if
> that is the case how come I get the ldap_sasl error in the first place?
>
> --
> Bob Tanner <tanner@real-time.com> | Phone : (952)943-8700
> http://www.mn-linux.org | Fax : (952)943-8500
> Key fingerprint = 6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9