The supported SASL mechanisms are CRAM-MD5 and DIGEST-MD5:

    [tkeith@kif ~]$ ldapsearch -x -H ldap://localhost -b "" -s base supportedSASLMechanisms
    # extended LDIF
    #
    # LDAPv3
    # base <> with scope baseObject
    # filter: (objectclass=*)
    # requesting: supportedSASLMechanisms
    #

    #
    dn:
    supportedSASLMechanisms: CRAM-MD5
    supportedSASLMechanisms: DIGEST-MD5

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

But this returns: no mechanism available:

    ldapwhoami -v -ZZZ -Y EXTERNAL -h localhost
    ldap_initialize( ldap://localhost )
    SASL/EXTERNAL authentication started
    ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
            additional info: SASL(-4): no mechanism available:

Tim
On Fri, Jan 22, 2016 at 11:36 AM, Quanah Gibson-Mount quanah@zimbra.com wrote:
Please keep replies to the list.
--Quanah
--On Friday, January 22, 2016 11:26 AM -0600 Timothy Keith timothy.g.keith@gmail.com wrote:

    ldapwhoami -v -ZZ -Y EXTERNAL -h localhost
    ldap_initialize( ldap://localhost )
    SASL/EXTERNAL authentication started
    ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
            additional info: SASL(-4): no mechanism available:

    ldapsearch -h localhost -LLL -Y EXTERNAL -b "" -s base +
    SASL/EXTERNAL authentication started
    ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
            additional info: SASL(-4): no mechanism available:

Tim
On Fri, Jan 22, 2016 at 10:10 AM, Quanah Gibson-Mount quanah@zimbra.com wrote:
--On Friday, January 22, 2016 9:38 AM -0600 Timothy Keith timothy.g.keith@gmail.com wrote:
The first attempt fails:

    ldapwhoami -v -ZZ -Y EXTERNAL
    ldap_initialize( <DEFAULT> )
    ldap_start_tls: Connect error (-11)
            additional info: TLS: hostname does not match CN in peer certificate

Why do you expect this to work? You failed to supply -H with a valid ldap:// URI.
This also fails:

    ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base +
    ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

Why do you expect this to work? You passed -H without providing a host.
--Quanah
Tim
On Thu, Jan 21, 2016 at 7:43 PM, Sergio NNX sfhacker@hotmail.com wrote:
My scenario is relatively simple.
Simple, but it doesn't work, right?
Are you after something similar to the output below?

    ldapwhoami -v -ZZ -Y EXTERNAL

    SASL/EXTERNAL authentication started
    SASL username: 2.5.4.13=End User Certificate (OpenLDAP 2.4.43),2.5.4.5=1234-2015-UK,title=Mr,ou=Finance Department,o=MateAR.eu IT Solutions,l=Westminster,st=London,c=GB,email=info@matear.eu,0.9.2342.19200300.100.1.1=Administrator,dc=EU,cn=Administrator
    SASL SSF: 0
    dn:description=end user certificate (openldap 2.4.43),serialNumber=1234-2015-uk,title=mr,ou=finance department,o=matear.eu it solutions,l=westminster,st=london,c=gb,email=info@matear.eu,uid=administrator,dc=eu,cn=administrator
    Result: Success (0)

    ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base +

    SASL/EXTERNAL authentication started
    SASL username: 2.5.4.13=End User Certificate (OpenLDAP 2.4.43),2.5.4.5=1234-2015-UK,title=Mr,ou=Finance Department,o=MateAR.eu IT Solutions,l=Westminster,st=London,c=GB,email=info@matear.eu,0.9.2342.19200300.100.1.1=Administrator,dc=EU,cn=Administrator
    SASL SSF: 0
    dn:
    structuralObjectClass: OpenLDAProotDSE
    configContext: cn=config
    monitorContext: cn=Monitor
    namingContexts: dc=my-domain,dc=com
    supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
    supportedControl: 2.16.840.1.113730.3.4.18
    supportedControl: 2.16.840.1.113730.3.4.2
    supportedControl: 1.3.6.1.4.1.4203.1.10.1
    supportedControl: 1.3.6.1.1.22
    supportedControl: 1.2.840.113556.1.4.319
    supportedControl: 1.2.826.0.1.3344810.2.3
    supportedControl: 1.3.6.1.1.13.2
    supportedControl: 1.3.6.1.1.13.1
    supportedControl: 1.3.6.1.1.12
    supportedExtension: 1.3.6.1.4.1.1466.20037
    supportedExtension: 1.3.6.1.4.1.4203.1.11.1
    supportedExtension: 1.3.6.1.4.1.4203.1.11.3
    supportedExtension: 1.3.6.1.1.8
    supportedFeatures: 1.3.6.1.1.14
    supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
    supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
    supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
    supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
    supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
    supportedLDAPVersion: 3
    supportedSASLMechanisms: SRP
    supportedSASLMechanisms: SCRAM-SHA-1
    supportedSASLMechanisms: GSSAPI
    supportedSASLMechanisms: GSS-SPNEGO
    supportedSASLMechanisms: DIGEST-MD5
    supportedSASLMechanisms: EXTERNAL
    supportedSASLMechanisms: OTP
    supportedSASLMechanisms: CRAM-MD5
    supportedSASLMechanisms: NTLM
    supportedSASLMechanisms: LOGIN
    supportedSASLMechanisms: PLAIN
    entryDN:
    subschemaSubentry: cn=Subschema

--
Quanah Gibson-Mount Platform Architect Zimbra, Inc.
Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org