Hi,
I'm trying to configure OpenLDAP 2.4.23 (running on RHEL6.5) to use client-side certificates via the SASL/EXTERNAL mechanism. I have successfully configured server-side certs with TLS and was wanting to expand my configuration on the client-side.
If I set the TLSClientVerify to "allow" or "try" and attempt to use "-Y EXTERNAL", I get the following message:
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL (-4): no mechaism available:
If I do a search on the DSE, I get the following available methods:
dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: PLAIN
I know that other people are using this but nobody (here at work) knows why my particular configuration is getting this error. Can anyone help me figure this out?
Thanks,