[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL problems.

To: Mathias Meisfjordskar <mathiasm@ifi.uio.no>
Subject: Re: SASL problems.
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 29 Aug 2001 11:50:52 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <Pine.LNX.4.21.0108241308370.1363-100000@marwin>

At 04:48 AM 2001-08-24, Mathias Meisfjordskar wrote:

>Hello all!
>
>I've struggled for days now, trying to get authentication working in
>OpenLDAP. With no luck. It boils down to a SASL problem, I
>think. Searching for any relevant information hasn't helped much.
>
>The problem:
>When doing authentication or something other than simple binds I get:
>"ldap_sasl_interactive_bind_s: Unknown authentication method"
>
>This was with the following search:
>'ldapsearch -H ldaps:/// -I -b "" -s base -LLL supportedSASLMechanisms'
>
>Using;
>'ldapsearch -H ldaps:/// -x -b "" -s base -LLL supportedSASLMechanisms'
>
>I get:  supportedSASLMechanisms: PLAIN
>        supportedSASLMechanisms: LOGIN

I assume you have gotten the Cyrus SASL sample client/server to work.
This is a required first step.

This implies that the client is unwilling to use PLAIN or LOGIN.
You may have to toy with SASL options.  Also, using -Y to specify
the SASL mechanism will avoid discovery headaches (which doesn't
appear to be a problem in your case).

You might also try with -ZZ instead of ldaps://.

>My goal: To get authentication working over TLS/SSL. I haven't played with
>kerberos yet, but I think configure included it.

It's best to avoid OpenLDAP w/ Kerberos IV (as this is namely for LDAPv2)
and use OpenLDAP w/ SASL/GSSAPI (for Kerberos V) instead.

References:
- SASL problems.
  - From: Mathias Meisfjordskar <mathiasm@ifi.uio.no>

Prev by Date: Re: LDAP client question .
Next by Date: odd ldap error: missing required attribute
Index(es):
- Chronological
- Thread