[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OpenLDAP + SASL
This is how getopt(3) and ALL UN*X programs work: if you specify an option
(a '-' followed by a letter or a number) which REQUIRES a value, the value
MUST be present. If you use "-Y" you MUST specify the mechanism; if you
want the client to choose the best, don't use "-Y". Is it clear, now?
p.
> From the man page:
> -Y mech
> Specify the SASL mechanism to be used for
> authentication.
> If
> it's not specified, the program will choose the best
> mechanism
> the server knows.
>
> I assume i can specify the agrument to the option, but to me it sounds
> like it can't find any mechanism to use.
>
> Anyhow, this is neither here nor there
>
> When I use: ldapsearch -h localhost -p 389 -x -b "" -s base -L
> supportedSASLMechanisms
>
> i get this:
>
> debian:/tmp# ldapsearch -h localhost -p 389 -x -b "" -s base -L
> supportedSASLMechanisms
> version: 1
>
> #
> # LDAPv3
> # base <> with scope base
> # filter: (objectclass=*)
> # requesting: supportedSASLMechanisms
> #
>
> #
> dn:
>
> # search result
>
> # numResponses: 2
> # numEntries: 1
> debian:/tmp#
>
> What should i be looking for if i'm expecting
>
> supportedSASLMechanisms: ANONYMOUS
> supportedSASLMechanisms: GSSAPI
>
>
>
> "Howard Chu" <hyc@highlandsun.com> wrote:
>>
>>> -----Original Message-----
>>> From: owner-openldap-software@OpenLDAP.org
>>> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Matt
>>> Heitzenroder
>>
>>> Thanks for your help, unfortunately i'm pretty new to ldap
>>> and i really
>>> don't understand what you mean. can you further explain it to me?
>>
>>Reread the ldapsearch(1) man page and see how the "-Y" option is
>> supposed to be used. You cannot specify it by itself, it expects an
>> argument. The argument should be the name of a valid SASL mechanism.
>>
>>> "Pierangelo Masarati" <ando@sys-net.it> wrote:
>>> >
>>> >
>>> >> debian:/usr/lib/sasl2# ldapsearch -h localhost -p 389 -Y
>>> -s base -LLL
>>> >
>>> >-Y requires the mech you selected as an argument; see ldapsearch(1)
>>> (and any other client's manpage, they work exactly the same)
>>
>> -- Howard Chu
>> Chief Architect, Symas Corp. Director, Highland Sun
>> http://www.symas.com http://highlandsun.com/hyc
>> Symas: Premier OpenSource Development and Support
>>
>>
>>
>
> ~~~~~~~~~~~~~~~~~~
> Matt Heitzenroder
> RoderCo, LLC
> http://www.roderco.net
> 412.779.6100
> ~~~~~~~~~~~~~~~~~~
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497