Re: modifying cn=config - Invalid credentials (49)

[Dan White <dwhite@olp.net>]

On 02/20/13 16:20 +1100, Asmaa Ahmed wrote:
> Actually I only added kerberos authentication for sasl.
> In '/etc/ldap/sasl2/slapd.conf', I added only  mech_list: GSSAPI
> Can I add other mechanisms too?
>
> ldapsearch -x -H ldapi:// -b '' -s base -LLL supportedSASLMechanisms
> dn:
> supportedSASLMechanisms: GSSAPI

Yes, separated by a space:

mech_list: GSSAPI EXTERNAL

> > Date: Tue, 19 Feb 2013 22:31:34 -0600
> > From: dwhite@olp.net
> > To: asabatgirl@hotmail.com
> > Subject: Re: modifying cn=config - Invalid credentials (49)
> > CC: openldap-technical@openldap.org
> >
> > On 02/20/13 13:45 +1100, Asmaa Ahmed wrote:
> > >Do you mean something like that?
> > >
> > >ldapsearch -QY EXTERNAL -H ldapi:///
> > >ldap_sasl_interactive_bind_s: Authentication method not supported (7)
> > >    additional info: SASL(-4): no mechanism available:
> > >
> > >Thanks.
> >
> > You have likely misconfigured sasl, via your sasl slapd.conf file.
> >
> > Within that file, comment out your 'mech_list' option, or add 'EXTERNAL' to
> > it.

--
Dan White