The supported SASL mechanisms are CRAM-MD5 and DIGEST-MD5:
[tkeith@kif ~]$ ldapsearch -x -H ldap://localhost -b "" -s base supportedSASLMechanisms
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: supportedSASLMechanisms
#
#
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
But this returns "no mechanism available":
ldapwhoami -v -ZZZ -Y EXTERNAL -h localhost
ldap_initialize( ldap://localhost )
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
Tim
On Fri, Jan 22, 2016 at 11:36 AM, Quanah Gibson-Mount <quanah(a)zimbra.com> wrote:
Please keep replies to the list.
--Quanah
--On Friday, January 22, 2016 11:26 AM -0600 Timothy Keith
<timothy.g.keith(a)gmail.com> wrote:
> ldapwhoami -v -ZZ -Y EXTERNAL -h localhost
> ldap_initialize( ldap://localhost )
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available:
>
>
> ldapsearch -h localhost -LLL -Y EXTERNAL -b "" -s base +
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available:
>
>
> Tim
>
> On Fri, Jan 22, 2016 at 10:10 AM, Quanah Gibson-Mount <quanah(a)zimbra.com>
> wrote:
>>
>> --On Friday, January 22, 2016 9:38 AM -0600 Timothy Keith
>> <timothy.g.keith(a)gmail.com> wrote:
>>
>>> The first attempt fails:
>>>
>>> ldapwhoami -v -ZZ -Y EXTERNAL
>>> ldap_initialize( <DEFAULT> )
>>> ldap_start_tls: Connect error (-11)
>>> additional info: TLS: hostname does not match CN in peer
>>> certificate
>>
>>
>>
>> Why do you expect this to work? You failed to supply -H with a valid
>> ldap:// URI.
>>
>>> This also fails:
>>>
>>> ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base +
>>> ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
>>
>>
>>
>> Why do you expect this to work? You passed -H without providing a host.
>>
>> --Quanah
>>
>>
>>>
>>> Tim
>>>
>>>
>>> On Thu, Jan 21, 2016 at 7:43 PM, Sergio NNX <sfhacker(a)hotmail.com>
>>> wrote:
>>>>>
>>>>>
>>>>> My scenario is relatively simple.
>>>>
>>>>
>>>> Simple, but it doesn't work, right?
>>>>
>>>> Are you after something similar to the output below?
>>>>
>>>> ldapwhoami -v -ZZ -Y EXTERNAL
>>>>
>>>> SASL/EXTERNAL authentication started
>>>> SASL username: 2.5.4.13=End User Certificate (OpenLDAP
>>>> 2.4.43),2.5.4.5=1234-2015
>>>> -UK,title=Mr,ou=Finance Department,o=MateAR.eu IT
>>>> Solutions,l=Westminster,st=Lon
>>>> don,c=GB,email=info(a)matear.eu,0.9.2342.19200300.100.1.1=Administrator,
>>>> dc =EU,cn=A dministrator
>>>> SASL SSF: 0
>>>> dn:description=end user certificate (openldap
>>>> 2.4.43),serialNumber=1234-2015-uk,
>>>> title=mr,ou=finance department,o=matear.eu it
>>>> solutions,l=westminster,st=london,
>>>> c=gb,email=info(a)matear.eu,uid=administrator,dc=eu,cn=administrator
>>>> Result: Success (0)
>>>>
>>>>
>>>> ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base +
>>>>
>>>> SASL/EXTERNAL authentication started
>>>> SASL username: 2.5.4.13=End User Certificate (OpenLDAP
>>>> 2.4.43),2.5.4.5=1234-2015
>>>> -UK,title=Mr,ou=Finance Department,o=MateAR.eu IT
>>>> Solutions,l=Westminster,st=Lon
>>>> don,c=GB,email=info(a)matear.eu,0.9.2342.19200300.100.1.1=Administrator,
>>>> dc =EU,cn=A dministrator
>>>>
>>>>
>>>> SASL SSF: 0
>>>> dn:
>>>> structuralObjectClass: OpenLDAProotDSE
>>>> configContext: cn=config
>>>> monitorContext: cn=Monitor
>>>> namingContexts: dc=my-domain,dc=com
>>>> supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
>>>> supportedControl: 2.16.840.1.113730.3.4.18
>>>> supportedControl: 2.16.840.1.113730.3.4.2
>>>> supportedControl: 1.3.6.1.4.1.4203.1.10.1
>>>> supportedControl: 1.3.6.1.1.22
>>>> supportedControl: 1.2.840.113556.1.4.319
>>>> supportedControl: 1.2.826.0.1.3344810.2.3
>>>> supportedControl: 1.3.6.1.1.13.2
>>>> supportedControl: 1.3.6.1.1.13.1
>>>> supportedControl: 1.3.6.1.1.12
>>>> supportedExtension: 1.3.6.1.4.1.1466.20037
>>>> supportedExtension: 1.3.6.1.4.1.4203.1.11.1
>>>> supportedExtension: 1.3.6.1.4.1.4203.1.11.3
>>>> supportedExtension: 1.3.6.1.1.8
>>>> supportedFeatures: 1.3.6.1.1.14
>>>> supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
>>>> supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
>>>> supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
>>>> supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
>>>> supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
>>>> supportedLDAPVersion: 3
>>>> supportedSASLMechanisms: SRP
>>>> supportedSASLMechanisms: SCRAM-SHA-1
>>>> supportedSASLMechanisms: GSSAPI
>>>> supportedSASLMechanisms: GSS-SPNEGO
>>>> supportedSASLMechanisms: DIGEST-MD5
>>>> supportedSASLMechanisms: EXTERNAL
>>>> supportedSASLMechanisms: OTP
>>>> supportedSASLMechanisms: CRAM-MD5
>>>> supportedSASLMechanisms: NTLM
>>>> supportedSASLMechanisms: LOGIN
>>>> supportedSASLMechanisms: PLAIN
>>>> entryDN:
>>>> subschemaSubentry: cn=Subschema
>>>>
>>>
>>
>>
>>
>> --
>>
>> Quanah Gibson-Mount
>> Platform Architect
>> Zimbra, Inc.
>> --------------------
>> Zimbra :: the leader in open source messaging and collaboration
--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
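
Added example, not part of the original messages: a small pre-check that compares the mechanism passed to -Y against the supportedSASLMechanisms values in a rootDSE reply, using the reply from the top of this thread as constructed sample input. The function names sasl_mechs, offers_mech and sample_rootdse are hypothetical helpers.

```sh
#!/bin/sh
# Constructed sample: the rootDSE reply shown at the top of this thread.
sample_rootdse() {
cat <<'EOF'
# extended LDIF
# requesting: supportedSASLMechanisms
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5

# search result
search: 2
result: 0 Success
EOF
}

# Print the SASL mechanisms advertised in rootDSE LDIF on stdin, one per line.
# Handles LDIF comments, folded (space-continued) lines and attribute-name case.
sasl_mechs() {
    awk '
        function flush(   i) {
            i = index(buf, ":")
            if (i && tolower(substr(buf, 1, i - 1)) == "supportedsaslmechanisms") {
                val = substr(buf, i + 1)
                sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
                if (val != "") print toupper(val)
            }
            buf = ""
        }
        /^ / { if (!skip) buf = buf substr($0, 2); next }  # folded continuation
        /^#/ { flush(); skip = 1; next }                    # comment line
             { flush(); skip = 0; buf = $0 }
        END  { flush() }
    '
}

# Exit 0 if mechanism $1 is advertised in the LDIF on stdin, 1 otherwise.
offers_mech() {
    sasl_mechs | grep -qxF -- "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')"
}

if sample_rootdse | offers_mech EXTERNAL; then
    echo "EXTERNAL is advertised"
else
    echo "EXTERNAL is not advertised; server offers: $(sample_rootdse | sasl_mechs | tr '\n' ' ')"
fi
```

Against a live server the same check reads from the query used in this thread: ldapsearch -x -H ldap://localhost -b "" -s base supportedSASLMechanisms | offers_mech EXTERNAL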