
Re: SASL External Mechanism



At 08:25 AM 12/29/2003, Dieter Kluenter wrote:
>ms419@freezone.co.uk writes:
>
>> I've successfully installed and configured OpenLDAP with TLS
>> support. I am trying to authenticate using the SASL EXTERNAL
>> mechanism, as described in the Administrator's Guide. I can use TLS,
>> but can't authenticate using EXTERNAL.
>>
>> ldapsearch -x -H "ldaps://ldap" -s base -b "" supportedSASLMechanisms
>[...]
>
>> How do I make the EXTERNAL mechanism available?
>
>You have to initiate starttls by using the flag -Z
>ldapsearch -Y EXTERNAL -ZZ -b "" -s base supportedSASLMechanisms

While -Z indicates to the client to use the LDAP Start TLS
operation to initiate TLS (SSL), one can also use -H ldaps://
to implicitly initiate TLS (SSL) upon TCP connect (if the
server has been configured to support ldaps://).  See archives
for details.

The user's problem is more likely a case of not asserting
the client's certificate.

Kurt
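
The point about asserting the client's certificate, as an added example that is not part of the original thread: a client-side preflight check to run before attempting `-Y EXTERNAL`. It assumes the certificate and key are configured through the OpenLDAP client options TLS_CERT/TLS_KEY in a per-user ldaprc file or the LDAPTLS_CERT/LDAPTLS_KEY environment variables; the function names and the rc-file argument are hypothetical.

```shell
#!/bin/sh
# Added example: client-side preflight before trying SASL EXTERNAL over TLS.
# Helper names are hypothetical. TLS_CERT/TLS_KEY (ldaprc) and
# LDAPTLS_CERT/LDAPTLS_KEY (environment) name the client certificate and key.

# rc_value OPTION FILE: print the last value of OPTION in an ldaprc-style file.
# Option names are matched case-insensitively; paths with spaces are not handled.
rc_value() {
    [ -r "$2" ] || return 0
    awk -v opt="$1" '
        /^[ \t]*#/ { next }
        toupper($1) == opt { val = $2 }
        END { if (val != "") print val }' "$2"
}

# external_preflight RCFILE: return 0 if a readable client certificate and key
# are configured, 1 otherwise. An environment value is used in place of the file's.
external_preflight() {
    status=0
    cert=${LDAPTLS_CERT:-$(rc_value TLS_CERT "$1")}
    key=${LDAPTLS_KEY:-$(rc_value TLS_KEY "$1")}
    if [ -z "$cert" ]; then
        echo "TLS_CERT not set: the client will not assert a certificate" >&2
        status=1
    elif [ ! -r "$cert" ]; then
        echo "TLS_CERT $cert is not readable" >&2
        status=1
    fi
    if [ -z "$key" ]; then
        echo "TLS_KEY not set: no private key for the client certificate" >&2
        status=1
    elif [ ! -r "$key" ]; then
        echo "TLS_KEY $key is not readable" >&2
        status=1
    fi
    return $status
}

# Usage, with the host name from the thread:
#   if external_preflight "$HOME/.ldaprc"; then
#       ldapsearch -Y EXTERNAL -H ldaps://ldap -s base -b "" supportedSASLMechanisms
#   fi
```

The check covers only the client side; the server must also be configured to request and verify client certificates.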