Thanks. The modification enabled the mechanism, and solved my problem.
Date: Tue, 19 Feb 2013 23:45:52 -0600 From: dwhite@olp.net To: asabatgirl@hotmail.com CC: openldap-technical@openldap.org Subject: Re: modifying cn=config - Invalid credentials (49)
On 02/20/13 16:20 +1100, Asmaa Ahmed wrote:
Actually I only added kerberos authentication for sasl. In '/etc/ldap/sasl2/slapd.conf', I added only mech_list: GSSAPI Can I add other mechanisms too?
ldapsearch -x -H ldapi:// -b '' -s base -LLL supportedSASLMechanisms dn: supportedSASLMechanisms: GSSAPI
Yes, separated by a space:
mech_list: GSSAPI EXTERNAL
Date: Tue, 19 Feb 2013 22:31:34 -0600 From: dwhite@olp.net To: asabatgirl@hotmail.com Subject: Re: modifying cn=config - Invalid credentials (49) CC: openldap-technical@openldap.org
On 02/20/13 13:45 +1100, Asmaa Ahmed wrote:
Do you mean something like that?
ldapsearch -QY EXTERNAL -H ldapi:/// ldap_sasl_interactive_bind_s: Authentication method not supported (7) additional info: SASL(-4): no mechanism available:
Thanks.
You have likely misconfigured sasl, via your sasl slapd.conf file.
Within that file, comment out your 'mech_list' option, or add 'EXTERNAL' to it.
-- Dan White