SASL EXTERNAL & Debian



The SASL EXTERNAL mechanism is working with OpenLDAP on my OS X machine, but not on my Debian machines.

"slapd.conf", "ldap.conf", and "~/.ldaprc" are essentially identical on all machines.

"slapd.conf" contains:
---
TLSCACertificateFile    /etc/openldap/cacert.pem
TLSVerifyClient demand
---
and "~/.ldaprc" contains:
---
TLS_CERT        /etc/openldap/cert.pem
TLS_KEY /etc/openldap/key.pem
---

On the OS X machine, "ldapsearch -h gol -ZZ -Y EXTERNAL -s base -b "" supportedSASLMechanisms":
---
SASL/EXTERNAL authentication started
SASL username: CN=gol
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <> with scope base
# filter: (objectclass=*)
# requesting: supportedSASLMechanisms
#


#
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: EXTERNAL

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1
---
but on either Debian machine, "ldapsearch -h gol -ZZ -Y EXTERNAL -s base -b "" supportedSASLMechanisms":
---
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (86)
additional info: SASL(-4): no mechanism available:
---


I'm running up-to-date versions of SASL and OpenLDAP:
---
ii  libsasl2       2.1.18-4       Authentication abstraction library
ii  slapd          2.1.29-2       OpenLDAP server (slapd)
---

I suspect that, since the EXTERNAL mechanism is working with one distribution (OS X) and not another (Debian), it must be compiled differently in each case? I've been through the SASL installation documentation, however, and can't figure out what's necessary to enable the EXTERNAL mechanism.

Any help much appreciated!

Thanks,

Jack