On Fri, 2007-10-26 at 19:59 -0700, Quanah Gibson-Mount wrote:
> ldapsearch -ZZ -U "openldap" -b
> "(uid=it)" ldap_sasl_interactive_bind_s: Confidentiality required (13)
> additional info: SASL confidentiality required
> Is that a bug?
I suggest reading the part on sasl-secprops in the slapd.conf (5) man page.
It notes that the default is to setting is to block anonymous and plain
I suspect you are right in that is the cause of the
problem because a -Y DIGEST-MD5 fixes it. But, as
I said, it worked before the security option was
added. It worked because DIGEST-MD5 was the default.
So why isn't it the default now?
Now that you have pointed it out, I guess that the
addition of the 'security' option prevented SASL
from searching dn="" for the types of authentications
access to userPassword
by users read sasl_ssf=128 break
by users read tls=128
I think might do it.
You would think that would do it - certainly I did. But
you would be wrong. Currently it doesn't, and that is
what this ITS is about. The patch I supplied with the
initial bug report changes things so it does work.