Re: supportedSASLMechanisms not Work in Debian Lenny
- To: Dieter Kluenter <dieter@dkluenter.de>
- Subject: Re: supportedSASLMechanisms not Work in Debian Lenny
- From: Jarbas Peixoto Júnior <jarbas.junior@gmail.com>
- Date: Mon, 2 Feb 2009 08:41:32 -0300
- Cc: openldap-technical@openldap.org
- In-reply-to: <87bptp40l1.fsf@rubin.l4b.de>
- References: <68b0c88f0901291727l257a115fx426f17029ed0a4e5@mail.gmail.com> <87bptp40l1.fsf@rubin.l4b.de>
Thanks Dieter,
You are right. It is the GnuTLS libraries that are not working very well. If I
use OpenSSL, it works fine.
I found the following open bugs in Debian:
* http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505191
* http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477396
I will wait for this bug to be closed.
Thanks again!
2009/1/30 Dieter Kluenter <dieter@dkluenter.de>:
> Jarbas Peixoto Júnior <jarbas.junior@gmail.com> writes:
>
>> I have two servers:
>>
>> * Server A: Debian Etch - Works Fine
>>
>> * Server B: Debian Lenny - supportedSASLMechanisms EXTERNAL does not work
>>
>> In Server A I have:
>>
>> # ldapsearch -v -H ldap://server-Etch -b "" -LLL -s base supportedSASLMechanisms
>> -ZZ
>> ldap_initialize( ldap://server-Etch )
>> SASL/EXTERNAL authentication started
>> SASL username: emailAddress=jarbas.peixoto@previdencia.gov.br,CN=jarbas.peixoto,OU=DATAPREV,O=Previdencia
>> Social,L=Campo Grande,ST=Mato Grosso do Sul,C=BR
>> SASL SSF: 0
>> filter: (objectclass=*)
>> requesting: supportedSASLMechanisms
>> dn:
>> supportedSASLMechanisms: PLAIN
>> supportedSASLMechanisms: DIGEST-MD5
>> supportedSASLMechanisms: LOGIN
>> supportedSASLMechanisms: NTLM
>> supportedSASLMechanisms: CRAM-MD5
>> supportedSASLMechanisms: EXTERNAL
>>
>> In Server B I have:
>>
>> # ldapsearch -v -H ldap://server-Lenny -b "" -LLL -s base
>> supportedSASLMechanisms -ZZ
>> ldap_initialize( ldap://server-Lenny:389/??base )
>> ldap_start_tls: Connect error (-11
>>
>> # ldapsearch -v -H ldap://server-Lenny -b "" -LLL -s base
>> supportedSASLMechanisms -ZZ -d 1
>> ldap_url_parse_ext(ldap://server-Lenny)
> [...]
>> Jan 29 18:17:22 server-Lenny slapd[12945]: conn=99 fd=21 closed (TLS negotiation
>> failure)
>>
>>
>> This is very important for using OpenLDAP with user certificates.
>
> This is most likely not an OpenLDAP issue but a Debian issue. Probably
> OpenSSL vs. GnuTLS. Check the linked libraries.
>
> -Dieter
>
> --
> Dieter Klünter | Systemberatung
> http://www.dpunkt.de/buecher/2104.html
> sip: +49.180.1555.7770535
> GPG Key ID:8EF7B6C6
> 53°08'09,95"N
> 10°08'02,42"E
>
>