How to make anonymous SASL work?

> I tried ldapsearch, but it seems to fail quite basically:
> 
> [root at langham ~]# ldapsearch -D "cn=admin" -w fidelio77 -b "fashioncontent.com" cn=hvendelbo
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>         additional info: SASL(-4): no mechanism available:
> [root at langham ~]# ldapsearch -X -Y
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>         additional info: SASL(-4): no mechanism available:

> Date: Sun, 17 Sep 2006 09:53:11 -0600
> From: Richard Megginson <rmeggins at redhat.com>

> devel - Fashion Content wrote:
>>>> As I understand the message I need to configure some protocol
>>>> on the server, but I have no idea where or how??
>>>
>>> It looks like you're using the OpenLDAP version of ldapsearch and don't
>>> have SASL auth set up on the server.
>> Yes, but how do I set up SASL auth. What doc describes it in less than 
>> 100 pages.
>> Also, why shouldn't the OpenLDAP client be able to talk to Fedora DS ?
> It is - see below
>>> You can either pass the "-x" switch to ldapsearch to use plaintext auth,
>>> or use the ldapsearch that comes with the directory server (probably in
>>> /opt/fedora-ds/shared/bin).
> /usr/bin/ldapsearch -x -D "bind dn" -w bindpassword .....
> 
> ldapsearch by default will attempt a SASL bind, using the best mechanism 
> available.  To disable this behavior, and force the openldap command 
> line tools to use SIMPLE binddn/password auth, you have to specify the 
> -x argument.

By the way, I think it's a bug that your server advertised the 
SASL/EXTERNAL mechanism here; that mech should only be offered when 
there is actually an external security system in place (e.g. IPSEC or 
TLS). It appears this was a plain, unprotected connection. A mech 
shouldn't be listed in the supportedSASLmechanisms list if requesting it 
will in fact fail with "no mechanism available"...

-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc
   OpenLDAP Core Team            http://www.openldap.org/project/
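
Added example (not part of the original message, and not code from either project): a shell check for the condition described above, a server listing EXTERNAL in supportedSASLMechanisms on a connection with no protecting layer. The host name ds.example.test, the function names and the sample root DSE are constructed; IPsec cannot be seen from the URI, so the check only recognises TLS and the local ldapi socket.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Constructed sample: root DSE LDIF such as the output of
#   ldapsearch -x -H ldap://ds.example.test -s base -b "" supportedSASLMechanisms
SAMPLE_ROOT_DSE='dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: GSSAPI
'

# offers_external: read root DSE LDIF on stdin; exit 0 if EXTERNAL is listed.
offers_external() {
    awk -F': *' '
        tolower($1) == "supportedsaslmechanisms" {
            v = $2
            sub(/[ \t\r]+$/, "", v)          # tolerate trailing blanks / CRLF
            if (toupper(v) == "EXTERNAL") found = 1
        }
        END { exit !found }'
}

# check_external URI [yes|no] < ldif
#   URI  : the URI the LDIF was fetched from
#   yes  : StartTLS was negotiated on an ldap:// connection (default: no)
# Returns 0 if consistent, 1 if EXTERNAL is advertised with no protecting
# layer visible, 2 on an unrecognised URI.
check_external() {
    uri=$1
    starttls=${2:-no}
    case $uri in
        ldaps://*) protected=yes ;;            # TLS from the first byte
        ldapi://*) protected=yes ;;            # local socket, peer credentials
        ldap://*)  protected=$starttls ;;      # clear text unless StartTLS ran
        *) echo "unrecognised URI: $uri" >&2; return 2 ;;
    esac
    if offers_external && [ "$protected" != yes ]; then
        echo "WARN: $uri lists EXTERNAL on an unprotected connection"
        return 1
    fi
    echo "OK: $uri"
}

# Demo on the constructed sample (plain ldap://, no StartTLS) -> WARN
printf '%s' "$SAMPLE_ROOT_DSE" | check_external ldap://ds.example.test no || true
```

A protected connection is only a necessary condition: EXTERNAL can still fail over TLS if the client presents no certificate.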



