Using TLS not seeing EXTERNAL as Using TLS not seeing EXTERNAL as supported SASL mechanism
- To: openldap-technical@openldap.org
- Subject: Using TLS not seeing EXTERNAL as Using TLS not seeing EXTERNAL as supported SASL mechanism
- From: Bill MacAllister <bill@ca-zephyr.org>
- Date: Mon, 08 Feb 2016 18:45:54 -0800

I am working on using TLS on an OpenLDAP server and having issues.
Basically I can make a TLS connection, but I don't see EXTERNAL as
one of the supportedSASLMechanisms. (slapd 2.4.41+dfsg-1ubuntu2~dbp0
built with openssl)

Here is my ldapsearch:

$ ldapsearch -h ldap-test-master1.corp.dropbox.com -x -ZZ -b '' -s base supportedSASLMechanisms
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: supportedSASLMechanisms
#
#
dn:
supportedSASLMechanisms: GS2-IAKERB
supportedSASLMechanisms: GS2-KRB5
supportedSASLMechanisms: SCRAM-SHA-1
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
# search result
search: 3
result: 0 Success
# numResponses: 2

Here is what I see in the server log:

2016-02-09T02:40:00.797598+00:00 ldap-test-master1 slapd[22379]: conn=1008 fd=14 ACCEPT from IP=172.17.8.240:47231 (IP=0.0.0.0:389)
2016-02-09T02:40:00.797640+00:00 ldap-test-master1 slapd[22379]: conn=1008 op=0 EXT oid=1.3.6.1.4.1.1466.20037
2016-02-09T02:40:00.797646+00:00 ldap-test-master1 slapd[22379]: conn=1008 op=0 STARTTLS
2016-02-09T02:40:00.797686+00:00 ldap-test-master1 slapd[22379]: conn=1008 op=0 RESULT oid= err=0 text=
2016-02-09T02:40:00.804071+00:00 ldap-test-master1 slapd[22379]: conn=1008 fd=14 TLS established tls_ssf=256 ssf=256
2016-02-09T02:40:00.804540+00:00 ldap-test-master1 slapd[22379]: conn=1008 op=1 BIND dn="" method=128
2016-02-09T02:40:00.804590+00:00 ldap-test-master1 slapd[22379]: conn=1008 op=1 RESULT tag=97 err=0 text=
2016-02-09T02:40:00.804931+00:00 ldap-test-master1 slapd[22379]: conn=1008 op=2 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
2016-02-09T02:40:00.804941+00:00 ldap-test-master1 slapd[22379]: conn=1008 op=2 SRCH attr=supportedSASLMechanisms
2016-02-09T02:40:00.805056+00:00 ldap-test-master1 slapd[22379]: conn=1008 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
2016-02-09T02:40:00.805483+00:00 ldap-test-master1 slapd[22379]: conn=1008 op=3 UNBIND
2016-02-09T02:40:00.805587+00:00 ldap-test-master1 slapd[22379]: conn=1008 fd=14 closed

What should I be looking at? What am I missing?

Thanks in advance,
Bill
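
Added example, not part of the original message or of OpenLDAP: a small Python parser that groups slapd log lines of the shape shown above by connection and reports whether STARTTLS ran, the negotiated tls_ssf, and the kind of each bind. The function names and the sample lines are constructed for illustration; the mapping of method=128 to a simple bind and method=163 to a SASL bind comes from the LDAP bind request tag values.

```python
import re

# Constructed sample: four lines shaped like the slapd log in the message above.
SAMPLE = """\
2016-02-09T02:40:00.797646+00:00 host slapd[1]: conn=7 op=0 STARTTLS
2016-02-09T02:40:00.804071+00:00 host slapd[1]: conn=7 fd=14 TLS established tls_ssf=256 ssf=256
2016-02-09T02:40:00.804540+00:00 host slapd[1]: conn=7 op=1 BIND dn="" method=128
2016-02-09T02:40:01.000000+00:00 host slapd[1]: conn=8 op=0 BIND dn="cn=app,dc=example,dc=org" method=128
"""

BIND_METHODS = {128: "simple", 163: "sasl"}  # LDAP bind auth choice tags 0x80 / 0xA3
LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) (?:op=\d+ |fd=\d+ )(.*)$")

def summarize(log_text):
    """Return {conn_id: {...}} describing TLS and bind state per connection."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        cid, event = int(m.group(1)), m.group(2)
        c = conns.setdefault(cid, {"starttls": False, "tls_ssf": 0, "binds": []})
        if event.startswith("STARTTLS"):
            c["starttls"] = True
        elif event.startswith("TLS established"):
            ssf = re.search(r"tls_ssf=(\d+)", event)
            c["tls_ssf"] = int(ssf.group(1)) if ssf else 0
        elif event.startswith("BIND "):
            b = re.search(r'dn="([^"]*)" method=(\d+)', event)
            if b:
                method = BIND_METHODS.get(int(b.group(2)), "unknown")
                # A simple bind with an empty DN is an anonymous bind.
                kind = "anonymous" if method == "simple" and b.group(1) == "" else method
                c["binds"].append({"dn": b.group(1), "kind": kind, "tls_ssf_at_bind": c["tls_ssf"]})
    return conns

def cleartext_simple_binds(conns):
    """Connection ids where a non-anonymous simple bind was sent with no TLS layer."""
    return sorted(cid for cid, c in conns.items()
                  if any(b["kind"] == "simple" and b["tls_ssf_at_bind"] == 0 for b in c["binds"]))

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for cid, info in sorted(result.items()):
        print(cid, info)
    print("simple binds without TLS:", cleartext_simple_binds(result))
```

Run over the log quoted in the message, this reports conn=1008 as STARTTLS with tls_ssf=256 followed by an anonymous simple bind.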