Full_Name: Quanah Gibson-Mount
Version: 2.4.23
OS: Linux 2.6
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.45.108)
As reported at:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604122
Hello,
During some tests for nslcd[1], I found that if the SASL_SECPROPS in
/etc/ldap/ldap.conf is incompatible with the SASL_MECH, then the
library:
- opens a useless TCP connection to the server
- checks the mechanism and fails
- closes the TCP connection
===== /etc/ldap/ldap.conf
BASE dc=baby-gnu,dc=org
URI ldap://192.168.122.4
SASL_MECH DIGEST-MD5
SASL_SECPROPS noactive
===== /etc/ldap/ldap.conf
===== Wireshark capture
No. Time Source Destination Protocol Info
3 2.728967 192.168.122.3 192.168.122.4 TCP 51521 > ldap [SYN] Seq=0 [...]
4 2.729699 192.168.122.4 192.168.122.3 TCP ldap > 51521 [SYN, ACK] Seq=0 [...]
5 2.729714 192.168.122.3 192.168.122.4 TCP 51521 > ldap [ACK] Seq=1 [...]
6 2.739576 192.168.122.3 192.168.122.4 TCP 51521 > ldap [FIN, ACK] Seq=1 [...]
7 2.740686 192.168.122.4 192.168.122.3 TCP ldap > 51521 [FIN, ACK] Seq=1 [...]
8 2.740702 192.168.122.3 192.168.122.4 TCP 51521 > ldap [ACK] Seq=2 [...]
===== Wireshark capture
===== ldapsearch
ldapsearch -U dad -s base -LLL supportedSASLMechanisms
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available: No worthy mechs found
===== ldapsearch
As the problem is found in software using libldap, I conclude the
problem is in the lib and not in ldapsearch.
Regards.
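
Added example (not part of the original report, and not OpenLDAP or nslcd code): a pre-flight lint that reads an ldap.conf and lists the security properties that the configured SASL_MECH cannot satisfy, so the mismatch reported above is caught before any connection is opened. The mechanism-to-flag table, the "none"/default handling and all function names are assumptions modelled on Cyrus SASL and ldap.conf(5); check them against the installed libraries.

```python
# Added example: lint ldap.conf for a SASL_MECH that SASL_SECPROPS excludes.
# MECH_FLAGS is an ASSUMPTION modelled on Cyrus SASL plugin security flags;
# verify it against the SASL build in use. minssf/maxssf are not evaluated.
MECH_FLAGS = {
    "DIGEST-MD5": {"noplain", "noanonymous"},
    "CRAM-MD5": {"noplain", "noanonymous"},
    "GSSAPI": {"noplain", "noactive", "noanonymous", "passcred"},
    "PLAIN": {"noanonymous", "passcred"},
}
FLAG_PROPS = {"noplain", "noactive", "nodict", "noanonymous", "forwardsec", "passcred"}
DEFAULT_SECPROPS = {"noanonymous", "noplain"}  # default per ldap.conf(5)

# The configuration quoted in the report above.
REPORT_CONF = """\
BASE dc=baby-gnu,dc=org
URI ldap://192.168.122.4
SASL_MECH DIGEST-MD5
SASL_SECPROPS noactive
"""

def parse_ldap_conf(text):
    """Return {OPTION: value}; option names are matched case-insensitively."""
    opts = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            opts[parts[0].upper()] = parts[1].strip()
    return opts

def required_flags(secprops):
    """Flags demanded by a SASL_SECPROPS value; None means the option is unset."""
    flags, explicit = set(), False
    for prop in (secprops or "").split(","):
        prop = prop.strip().lower()
        if prop == "none":          # "none" clears the flags collected so far
            flags, explicit = set(), True
        elif prop in FLAG_PROPS:
            flags.add(prop)
            explicit = True
    return flags if explicit else set(DEFAULT_SECPROPS)

def missing_flags(conf_text):
    """Properties required by SASL_SECPROPS that the configured mech lacks."""
    opts = parse_ldap_conf(conf_text)
    mech = opts.get("SASL_MECH", "").upper()
    if mech not in MECH_FLAGS:      # unset or unknown mechanism: no verdict
        return []
    return sorted(required_flags(opts.get("SASL_SECPROPS")) - MECH_FLAGS[mech])
```

A non-empty result from missing_flags(REPORT_CONF) means the bind would fail with "No worthy mechs found" regardless of what the server offers.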