When trying to bind to ldapi:// with SASL EXTERNAL auth, I get this error from slapd on Solaris.
==> sasl_bind: dn="" mech=EXTERNAL datalen=0
send_ldap_result: err=7 matched="" text="SASL(-4): no mechanism available: "
connection_get(12)
ber_dump: buf=82c5408 ptr=82c5408 end=82c540d len=5
0000: 02 01 02 42 00
slapd.conf(snippet):
sasl-secprops minssf=0
sasl-regexp .*uidNumber=0.*,cn=peercred, cn=external,cn=auth uid=heimdal,dc=services,dc=dmarkey,dc=com
Would anyone be able to help me?
Solaris 10 x86, slapd 2.3.39 (have also tried 2.4)
I've established this is a Solaris-specific problem: I compiled everything from scratch on CentOS with the same options and it worked fine. Anyone have any ideas? Are sockets different on Solaris?
Much appreciated.
David Markey
David Markey wrote:
When trying to bind to ldapi:// with SASL EXTERNAL auth, I get this error from slapd on Solaris.
==> sasl_bind: dn="" mech=EXTERNAL datalen=0
send_ldap_result: err=7 matched="" text="SASL(-4): no mechanism available: "
What does the attribute 'supportedSASLMechanisms' of the root DSE contain as values?
Ciao, Michael.
/opt/uni/bin/ldapsearch -x -H ldapi:// -b '' -s base -LLL supportedSASLMechanisms
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: GSSAPI
That any help?
On Sun, Jul 13, 2008 at 1:09 PM, Michael Ströder michael@stroeder.com wrote:
David Markey wrote:
When trying to bind to ldapi:// with SASL EXTERNAL auth, I get this error from slapd on Solaris.
==> sasl_bind: dn="" mech=EXTERNAL datalen=0
send_ldap_result: err=7 matched="" text="SASL(-4): no mechanism available: "
What does the attribute 'supportedSASLMechanisms' of the root DSE contain as values?
Ciao, Michael.
David Markey wrote:
/opt/uni/bin/ldapsearch -x -H ldapi:// -b '' -s base -LLL supportedSASLMechanisms
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: GSSAPI
That any help?
Well, it shows that the server does not handle EXTERNAL.
How did you build the server? Maybe EXTERNAL over LDAPI is not supported on Solaris? On some platforms it was disabled because it's not secure on these platforms.
See also: http://www.openldap.org/its/index.cgi?findid=4893
Ciao, Michael.
Hi,
"David Markey" admin@dmarkey.com writes:
[sasl mechs]
On Sun, Jul 13, 2008 at 1:09 PM, Michael Ströder michael@stroeder.com wrote:
David Markey wrote:
When trying to bind to ldapi:// with SASL EXTERNAL auth, I get this error from slapd on Solaris.
==> sasl_bind: dn="" mech=EXTERNAL datalen=0
send_ldap_result: err=7 matched="" text="SASL(-4): no mechanism available: "
I have OpenLDAP 2.4.10 installed on OpenSolaris Nevada and found time to test your problem, and can confirm that the SASL EXTERNAL mechanism on the local socket is not available. My installation directory is /opt/openldap and the local socket is /opt/openldap/var/run/ldapi. ldapsearch -x -H ldapi://%2Fopt%2Fopenldap%2Fvar%2Frun%2Fldapi -b "" -s base + is successful; a simple bind and a strong bind with DIGEST-MD5 are successful as well, but the SASL EXTERNAL mechanism on the local socket is not available on Solaris, only on Linux. The command id gives the same results on Solaris and Linux. I just wonder whether the non-implementation of the SASL EXTERNAL mechanism on Solaris is intentional or a bug.
-Dieter
This is fixed as of 2.4.11.
Thanks everyone, Howard and Dieter in particular.
On Tue, Jul 15, 2008 at 5:57 PM, Dieter Kluenter dieter@dkluenter.de wrote:
Hi,
"David Markey" admin@dmarkey.com writes:
[sasl mechs]
On Sun, Jul 13, 2008 at 1:09 PM, Michael Ströder michael@stroeder.com wrote:
David Markey wrote:
When trying to bind to ldapi:// with SASL EXTERNAL auth, I get this error from slapd on Solaris.
==> sasl_bind: dn="" mech=EXTERNAL datalen=0
send_ldap_result: err=7 matched="" text="SASL(-4): no mechanism available: "
I have OpenLDAP 2.4.10 installed on OpenSolaris Nevada and found time to test your problem, and can confirm that the SASL EXTERNAL mechanism on the local socket is not available. My installation directory is /opt/openldap and the local socket is /opt/openldap/var/run/ldapi. ldapsearch -x -H ldapi://%2Fopt%2Fopenldap%2Fvar%2Frun%2Fldapi -b "" -s base + is successful; a simple bind and a strong bind with DIGEST-MD5 are successful as well, but the SASL EXTERNAL mechanism on the local socket is not available on Solaris, only on Linux. The command id gives the same results on Solaris and Linux. I just wonder whether the non-implementation of the SASL EXTERNAL mechanism on Solaris is intentional or a bug.
-Dieter
-- Dieter Klünter | Systemberatung http://www.dkluenter.de GPG Key ID:8EF7B6C6 53°08'09,95"N 10°08'02,42"E
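SASL EXTERNAL over ldapi:// only has an identity to offer if the server can ask the kernel who is connected to the local socket, which is the platform-specific part the thread runs into. The following is an added example, not code from the thread or from OpenLDAP: a Linux-only C program that reads peer credentials with SO_PEERCRED and formats them in the cn=peercred form the sasl-regexp above is written to match. The function names and the gidNumber+uidNumber layout are assumptions, and Solaris exposes peer credentials through a different call, getpeerucred(3C).

```c
/* Added example: Linux-only (SO_PEERCRED); not OpenLDAP source code. */
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>

/* Ask the kernel who is on the other end of a connected AF_UNIX socket.
 * Returns 0 on success, -1 if no credentials can be obtained. */
int peer_ids(int fd, uid_t *uid, gid_t *gid)
{
    struct ucred cred;
    socklen_t len = sizeof(cred);

    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0 ||
        len != sizeof(cred))
        return -1;
    *uid = cred.uid;
    *gid = cred.gid;
    return 0;
}

/* Build the identity string that a cn=peercred sasl-regexp would match.
 * The gidNumber+uidNumber layout is an assumption, not taken from the page. */
int peercred_authcid(int fd, char *buf, size_t buflen)
{
    uid_t uid;
    gid_t gid;

    if (peer_ids(fd, &uid, &gid) != 0)
        return -1;  /* no credentials: EXTERNAL has no identity to offer */
    int n = snprintf(buf, buflen,
        "gidNumber=%u+uidNumber=%u,cn=peercred,cn=external,cn=auth",
        (unsigned)gid, (unsigned)uid);
    return (n > 0 && (size_t)n < buflen) ? 0 : -1;
}

int main(void)
{
    int sv[2];
    char id[128];

    /* Constructed stand-in for an ldapi:// connection: a local socket pair. */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 1;
    int rc = peercred_authcid(sv[0], id, sizeof(id));
    puts(rc == 0 ? id : "peer credentials unavailable");
    close(sv[0]);
    close(sv[1]);
    return rc == 0 ? 0 : 1;
}
```

Run as root, the printed identity contains uidNumber=0, which is what the sasl-regexp in the original post maps to the heimdal entry.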