SASL EXTERNAL with URLs other than ldapi://
Hi, all!!
This may be a silly question, but... how can I use SASL's "EXTERNAL"
mechanism with OpenLDAP over network connections (ldap:// and ldaps://
URLs)? Here at my site I can see "supportedSASLMechanisms: EXTERNAL"
only when connecting via a ldapi:// URL.
I have "TLSVerifyClient try" in slapd.conf (but I tried with "allow"
and "demand" too, without success). I tested SASL authentication using
LOGIN and GSSAPI mechs, and it works fine.
What am I doing wrong??
Thanks in advance!!
P.S.: there are some queries I performed with my current setup
("EXTERNAL" doesn't show up using "ldap://" URLs)
# ldapsearch -x -H ldap://localhost -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: GSSAPI
(It's not available using TLS or SSL)
# ldapsearch -x -Z -H ldap://localhost -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: GSSAPI
(But it looks fine when I connect via socket)
# ldapsearch -x -H ldapi:///var/run/ldapi -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: EXTERNAL