"Zohar Lev Shani" levshani5252@gmail.com writes:
OK, got that.
Now I am trying a different SASL configuration, and I have these mechanisms available:
ldapsearch -h localhost:9999 -x -b '' supportedSASLMechanisms -s base -LLL
dn: supportedSASLMechanisms: LOGIN supportedSASLMechanisms: PLAIN
With the same data, I tried running ldapsearch with SASL and got that there are no SASL mechanisms available.
ldapsearch -h localhost:9999 -Y PLAIN -U user1 -w pass1 -LLL -b cn=user1,cn=users,dc=my-domain,dc=com
ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available: No worthy mechs found
Same goes for '-Y LOGIN'.
What am I missing here?
OpenLDAP only supports PLAIN and LOGIN if data transport is secured that is either by TLS or local pipe. Install sasl libdigestmd5 and libcrammd5 to provide shared secret security.
-Dieter