Thanks Dieter,
You are right. It's the GnuTLS libraries that are not working very well. If I use OpenSSL, it works fine.
I found the following open bugs in Debian:
* http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505191
* http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477396
I will wait for this bug to be closed.
Thanks again!
2009/1/30 Dieter Kluenter dieter@dkluenter.de:
Jarbas Peixoto Júnior jarbas.junior@gmail.com writes:
I have two servers:
Server A: Debian Etch - Works Fine
Server B: Debian Lenny - Does not work: supportedSASLMechanisms EXTERNAL
In Server A I have:
    # ldapsearch -v -H ldap://server-Etch -b "" -LLL -s base supportedSASLMechanisms -ZZ
    ldap_initialize( ldap://server-Etch )
    SASL/EXTERNAL authentication started
    SASL username: emailAddress=jarbas.peixoto@previdencia.gov.br,CN=jarbas.peixoto,OU=DATAPREV,O=Previdencia Social,L=Campo Grande,ST=Mato Grosso do Sul,C=BR
    SASL SSF: 0
    filter: (objectclass=*)
    requesting: supportedSASLMechanisms
    dn:
    supportedSASLMechanisms: PLAIN
    supportedSASLMechanisms: DIGEST-MD5
    supportedSASLMechanisms: LOGIN
    supportedSASLMechanisms: NTLM
    supportedSASLMechanisms: CRAM-MD5
    supportedSASLMechanisms: EXTERNAL
In Server B I have:
    # ldapsearch -v -H ldap://server-Lenny -b "" -LLL -s base supportedSASLMechanisms -ZZ
    ldap_initialize( ldap://server-Lenny:389/??base )
    ldap_start_tls: Connect error (-11

    # ldapsearch -v -H ldap://server-Lenny -b "" -LLL -s base supportedSASLMechanisms -ZZ -d 1
    ldap_url_parse_ext(ldap://server-Lenny)
[...]
Jan 29 18:17:22 server-Lenny slapd[12945]: conn=99 fd=21 closed (TLS negotiation failure)
This is very important for using OpenLDAP with user certificates.
This is most likely not an OpenLDAP issue but a Debian issue. Probably OpenSSL vs. GnuTLS. Check the linked libraries.
-Dieter
-- Dieter Klünter | Systemberatung http://www.dpunkt.de/buecher/2104.html sip: +49.180.1555.7770535 GPG Key ID:8EF7B6C6 53°08'09,95"N 10°08'02,42"E
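
Dieter's suggestion to check the linked libraries, as an added example that is not part of the original thread: a small script that classifies `ldd` output as GnuTLS-linked or OpenSSL-linked. The function names and both sample `ldd` listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which TLS library a binary is linked against.

# Reads `ldd` output on stdin; prints gnutls, openssl, both or none.
tls_backend() {
    out=$(cat)
    gnutls=no
    openssl=no
    case "$out" in *libgnutls.so*) gnutls=yes ;; esac
    case "$out" in *libssl.so*) openssl=yes ;; esac
    if [ "$gnutls" = yes ] && [ "$openssl" = yes ]; then echo both
    elif [ "$gnutls" = yes ]; then echo gnutls
    elif [ "$openssl" = yes ]; then echo openssl
    else echo none
    fi
}

# Constructed sample: ldd output shaped like a GnuTLS-linked build.
sample_gnutls() {
    cat <<'EOF'
	libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007f0000100000)
	libgnutls.so.26 => /usr/lib/libgnutls.so.26 (0x00007f0000200000)
	libc.so.6 => /lib/libc.so.6 (0x00007f0000300000)
EOF
}

# Constructed sample: ldd output shaped like an OpenSSL-linked build.
sample_openssl() {
    cat <<'EOF'
	libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00007f0000100000)
	libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007f0000200000)
	libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00007f0000300000)
	libc.so.6 => /lib/libc.so.6 (0x00007f0000400000)
EOF
}

# Run ldd on a real file and classify it; a missing path is reported, not fatal.
check_binary() {
    if [ ! -e "$1" ]; then echo "$1: not found"; return 0; fi
    echo "$1: $(ldd "$1" 2>/dev/null | tls_backend)"
}

echo "constructed GnuTLS sample: $(sample_gnutls | tls_backend)"
echo "constructed OpenSSL sample: $(sample_openssl | tls_backend)"
# Any paths given as arguments are checked on the local system.
for f in "$@"; do check_binary "$f"; done
```

Run it with the paths of the slapd binary and the ldapsearch client as arguments on both servers; the client and the server can be linked against different TLS libraries, so check both.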