On Wed, Dec 30, 2015 at 7:04 PM, Dan White <dwhite@cafedemocracy.org> wrote:
Is DIGEST-MD5 available on your ldap server? Try:
ldapsearch -LLL -x -H ldap://1.2.3.4 -s "base" -b "" supportedSASLMechanisms
On 12/31/15 09:51 -0600, Timothy Keith wrote:
Dan, that ldapsearch returns:
dn:
supportedSASLMechanisms: PLAIN
On Mon, Jan 4, 2016 at 1:16 PM, Dan White <dwhite@cafedemocracy.org> wrote:
On 01/04/16 09:41 -0600, Timothy Keith wrote:
ldapwhoami -Y PLAIN -H ldap://182.19.136.42 -U testuser
produces:
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
    additional info: SASL(-4): no mechanism available: No worthy mechs found
On 01/04/16 14:47 -0600, Timothy Keith wrote:
pluginviewer returned this, as well as several other plugins:
List of server plugins follows
Plugin "plain" [loaded], API version: 4
    SASL mechanism: PLAIN, best SSF: 0, supports setpass: no
    security flags: NO_ANONYMOUS
    features: WANT_CLIENT_FIRST|PROXY_AUTHENTICATION
Something doesn't add up here. The remote server claims to support sasl plain, and your local server claims to support it as well.
I suppose your server could be claiming support, but not really supporting it without a security layer, in which case you might investigate doing ssl/starttls.
See if you can get a hold of any logs from the server.
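
Added example, not part of the thread or of any poster's code: one way to test the suggestion in the last message is to compare the rootDSE supportedSASLMechanisms values seen over cleartext with those seen after StartTLS. The function names and the sample LDIF are constructed for illustration; -ZZ is ldapsearch's "require StartTLS" option.

```shell
#!/bin/sh
# Compare SASL mechanisms a server advertises with and without TLS.
# Live input would come from (host taken from the first query in the thread):
#   clear=$(ldapsearch -LLL -x     -H ldap://1.2.3.4 -s base -b "" supportedSASLMechanisms)
#   tls=$(ldapsearch   -LLL -x -ZZ -H ldap://1.2.3.4 -s base -b "" supportedSASLMechanisms)

# Read rootDSE LDIF on stdin, print one mechanism per line.
# Attribute names are case-insensitive, so compare in lower case.
mechs_from_ldif() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" {
        sub(/\r$/, "", $2); print $2 }' | LC_ALL=C sort -u
}

# mech_status MECH CLEAR_LDIF TLS_LDIF
# Prints: cleartext (advertised without TLS), tls-only, or not-offered.
mech_status() {
    if printf '%s\n' "$2" | mechs_from_ldif | grep -qxF -- "$1"; then
        echo cleartext
    elif printf '%s\n' "$3" | mechs_from_ldif | grep -qxF -- "$1"; then
        echo tls-only
    else
        echo not-offered
    fi
}

# tls_only_mechs CLEAR_LDIF TLS_LDIF: mechanisms that appear only after StartTLS.
tls_only_mechs() {
    printf '%s\n' "$2" | mechs_from_ldif | while read -r m; do
        if [ "$(mech_status "$m" "$1" "$2")" = tls-only ]; then echo "$m"; fi
    done
}

# Constructed sample: a server that hides PLAIN until a TLS layer is up.
SAMPLE_CLEAR='dn:
supportedSASLMechanisms: DIGEST-MD5'
SAMPLE_TLS='dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: PLAIN'

# The cleartext result actually reported in the thread.
THREAD_CLEAR='dn:
supportedSASLMechanisms: PLAIN'

echo "sample: PLAIN is $(mech_status PLAIN "$SAMPLE_CLEAR" "$SAMPLE_TLS")"
echo "thread: PLAIN is $(mech_status PLAIN "$THREAD_CLEAR" "$THREAD_CLEAR")"
```
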