On Mon, 31 Aug 2015 19:43:39 -0400, Frank Crow fjcrow2008@gmail.com wrote:
Hi,
I'm trying to configure OpenLDAP 2.4.23 (running on RHEL6.5) to use client-side certificates via the SASL/EXTERNAL mechanism. I have successfully configured server-side certs with TLS and was wanting to expand my configuration on the client-side.
If I set TLSClientVerify to "allow" or "try" and attempt to use "-Y EXTERNAL", I get the following message:
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL (-4): no mechaism available:
If I do a search on the DSE, I get the following available methods:
dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: PLAIN
I know that other people are using this but nobody (here at work) knows why my particular configuration is getting this error. Can anyone help me figure this out?
It seems you have not initialised a TLS session, that is, either StartTLS on port 389 or, without StartTLS, on the secure port 636.
ldapsearch -LLL -Y EXTERNAL -ZZ -H ldap://localhost -b "" -s base supportedSASLMechanisms
SASL/EXTERNAL authentication started
SASL username: xxxxx
SASL SSF: 0
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: SCRAM-SHA-1
-Dieter
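The diagnostic step in the thread is to read the rootDSE's supportedSASLMechanisms on the connection you intend to bind on and check whether EXTERNAL is actually offered there: the server only advertises it once the connection carries an external identity (the thread shows it appearing after StartTLS with -ZZ; it is absent on the plain connection in the question). The following is an added preflight check, not code from the thread or from OpenLDAP: it parses the LDIF that ldapsearch prints, lists the mechanisms, and explains a missing EXTERNAL. The two sample rootDSE outputs are the ones posted above, re-split one attribute per line; function names are this example's own.

```python
"""Preflight check for SASL/EXTERNAL binds against OpenLDAP.

Parses the LDIF that `ldapsearch -b "" -s base supportedSASLMechanisms`
prints and reports whether EXTERNAL is advertised on that connection.
"""
import base64

# Sample rootDSE output as posted in the thread, without TLS (constructed
# reformatting of the posted text: one attribute value per line).
ROOTDSE_WITHOUT_TLS = """\
dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: PLAIN
"""

# Sample rootDSE output as posted in the reply, after StartTLS (-ZZ).
ROOTDSE_WITH_STARTTLS = """\
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: SCRAM-SHA-1
"""


def parse_ldif(text):
    """Parse LDIF text into {attribute (lower-cased): [values]}.

    Handles folded continuation lines (leading space), comment lines,
    and base64-encoded values written with a double colon ("attr:: ...").
    """
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]          # continuation of previous line
        else:
            unfolded.append(raw)

    attrs = {}
    for line in unfolded:
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):             # "attr:: base64value"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        attrs.setdefault(name.strip().lower(), []).append(value)
    return attrs


def sasl_mechanisms(ldif_text):
    """Return the set of SASL mechanisms the rootDSE advertises."""
    return set(parse_ldif(ldif_text).get("supportedsaslmechanisms", []))


def diagnose_external(ldif_text):
    """Explain whether a `-Y EXTERNAL` bind can succeed on this connection.

    Returns a dict with the advertised mechanisms, whether EXTERNAL is
    among them, and a hint for the operator.
    """
    mechs = sasl_mechanisms(ldif_text)
    if "EXTERNAL" in mechs:
        hint = "EXTERNAL is advertised; the bind can proceed on this connection."
    else:
        hint = ("EXTERNAL is not advertised on this connection. slapd offers it "
                "only once the connection has an external identity, e.g. TLS "
                "with a client certificate (StartTLS via -ZZ, or ldaps://). "
                "Re-run the rootDSE query on the TLS-protected connection.")
    return {"mechanisms": sorted(mechs), "external": "EXTERNAL" in mechs,
            "hint": hint}


def explain_bind_error(message):
    """Map the client-side error text from the thread to its cause."""
    if "SASL (-4)" in message and "no mech" in message:
        return "the server did not offer the requested mechanism on this connection"
    return "unrecognised error"


if __name__ == "__main__":
    for label, sample in (("plain", ROOTDSE_WITHOUT_TLS),
                          ("starttls", ROOTDSE_WITH_STARTTLS)):
        result = diagnose_external(sample)
        print(f"[{label}] mechanisms={result['mechanisms']}")
        print(f"[{label}] {result['hint']}")
```

To use it against a live server, pipe the output of the thread's ldapsearch command (with and without -ZZ) into parse_ldif; the SSF line in the reply's output is SASL's own SSF, which is 0 for EXTERNAL because the protection comes from the TLS layer, not from the SASL mechanism.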