Re: OpenLDAP as a SASL backend
"Zohar Lev Shani" <levshani5252(a)gmail.com> writes:
OK, got that.
Now I am trying a different SASL configuration, and I have these
mechanisms available:
> ldapsearch -h localhost:9999 -x -b '' supportedSASLMechanisms -s base -LLL
dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
With the same data, I tried running ldapsearch with SASL and got that
there are no SASL mechanisms available.
> ldapsearch -h localhost:9999 -Y PLAIN -U user1 -w pass1 -LLL -b
cn=user1,cn=users,dc=my-domain,dc=com
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available: No worthy mechs found
Same goes for '-Y LOGIN'.
What am I missing here?
OpenLDAP only supports PLAIN and LOGIN if data transport is secured
that is either by TLS or local pipe. Install sasl libdigestmd5 and
libcrammd5 to provide shared secret security.
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6