[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL External : unknown authentication method

To: openldap-software@OpenLDAP.org
Subject: Re: SASL External : unknown authentication method
From: Dieter Kluenter <dieter@dkluenter.de>
Date: Wed, 07 May 2003 19:16:12 +0200
In-reply-to: <1052306997.982.202.camel@linux-integ.enatel.local> (Francois Beretti's message of "07 May 2003 13:29:57 +0200")
References: <1052306997.982.202.camel@linux-integ.enatel.local>
User-agent: Gnus/5.090005 (Oort Gnus v0.05) XEmacs/21.4 (Portable Code, i686-pc-linux)

Hello,

Francois Beretti <francois.beretti@enatel.com> writes:

> hello all
>
> I get this error :
>
> [francois@linux-integ francois]$ ldapsearch -ZZ -Y EXTERNAL
> ldap_sasl_interactive_bind_s: Unknown authentication method (86)
>         additional info: SASL(-4): no mechanism available: No worthy
> mechs found
>
> ldapsearch -Z works well, my sever and client certs are both valid,

A single -Z doesn't require a successful operation

> I got :
> TLSCertificateFile      /etc/openldap/tls/cert.pem
> TLSCertificateKeyFile   /etc/openldap/tls/cert.key
> TLSCACertificateFile    /demoCA/cacert.pem
> TLSVerifyClient         demand
> in my slapd.conf.

The TLSCertifcateKeyFile must be in .pem format

> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> connection_get(9): got connid=0

There is an error in your client certificate

[...]

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour

Follow-Ups:
- Re: SASL External : unknown authentication method
  - From: Francois Beretti <francois.beretti@enatel.com>

References:
- SASL External : unknown authentication method
  - From: Francois Beretti <francois.beretti@enatel.com>

Prev by Date: RE: help with groups?
Next by Date: File Descriptors
Index(es):
- Chronological
- Thread