Re: SASL/EXTERNAL not available



Hi Frank,

If you want SASL to work, you need to have the cyrus-sasl libraries installed. And slapd has to be compiled with SASL support:

# rpm -qa | grep sasl
cyrus-sasl-lib-2.1.23-8.el6.x86_64
cyrus-sasl-2.1.23-8.el6.x86_64
cyrus-sasl-plain-2.1.23-8.el6.x86_64

# ldd /usr/sbin/slapd
...
  libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007f8152dbb000)
...

I'm trying to configure OpenLDAP 2.4.23 (running on RHEL6.5) to use
client-side certificates via the SASL/EXTERNAL mechanism. I have
successfully configured server-side certs with TLS and was wanting to
expand my configuration on the client-side.

If I set the TLSClientVerify to "allow" or "try" and attempt to use "-Y
EXTERNAL", I get the following message:

SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
               additional info: SASL (-4): no mechaism available:


If I do a search on the DSE, I get the following available methods:

dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: PLAIN


I know that other people are using this but nobody (here at work) knows
why my particular configuration is getting this error. Can anyone help
me figure this out?

Regards,

Dirk Kastens
