Travis Bean wrote:
On Tue, Jul 30, 2024 at 2:29 PM Quanah Gibson-Mount <quanah@fast-mail.org> wrote:
Just glancing at your script I see errors, such as:
SASL_MECH GSSAPI PLAIN
for ldap.conf. The man page clearly notes this takes a SINGLE mechanism.
If ldap.conf(5) only supports one SASL mechanism for the SASL_MECH variable, then the man page at https://www.openldap.org/software/man.cgi?query=ldap.conf needs to be updated to clarify this.
It says quite clearly: "SASL_MECH <mechanism> Specifies the SASL mechanism to use."
Note - singular. Also there is no mention of any valid delimiter for multiple values, because multiple values are not allowed.
I originally configured the SASL_MECH variable for OpenLDAP's ldap.conf(5) the same way I configured the mech_list variable for Postfix's smtpd.conf and the auth_mechanisms variable for Dovecot's 10-auth.conf. I configured multiple SASL mechanisms for each of these variables for testing purposes.
smtpd.conf is a server config file. ldap.conf is a client library config file. Naturally a server may be configured to support multiple client mechanisms, but any particular client only uses one mechanism to talk to a server.
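An added example, not part of the original thread and not OpenLDAP project code: a small Python check that flags any `SASL_MECH` line in a client ldap.conf whose value is not exactly one mechanism, the misconfiguration discussed above. The helper name `check_sasl_mech`, the sample file and its host names are constructed for illustration.

```python
import sys

# Constructed sample ldap.conf; line 4 is the setting quoted in the thread.
SAMPLE_LDAP_CONF = """\
# client defaults (constructed sample)
URI ldap://ldap.example.com
BASE dc=example,dc=com
SASL_MECH GSSAPI PLAIN
"""


def check_sasl_mech(conf_text):
    """Return [(line_number, [tokens])] for each SASL_MECH line whose value
    is not exactly one mechanism name (hypothetical helper)."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        # Blank lines and '#' comment lines carry no setting.
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        # Option names in ldap.conf are case-insensitive.
        if fields[0].upper() != "SASL_MECH":
            continue
        value = fields[1] if len(fields) > 1 else ""
        # Split on whitespace and commas: the man page defines no list
        # delimiter, so any separator here means more than one value.
        tokens = value.replace(",", " ").split()
        if len(tokens) != 1:
            findings.append((lineno, tokens))
    return findings


if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LDAP_CONF
    for lineno, tokens in check_sasl_mech(text):
        print(f"line {lineno}: SASL_MECH has {len(tokens)} values {tokens}; "
              "ldap.conf(5) documents a single <mechanism>")
```

Run it with the path to an ldap.conf or .ldaprc file as the only argument; with no argument it checks the constructed sample.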