Yu Joe wrote: > Dear all > > I tried to make my FDS work with sasl(digest-md5)+SSL. I can get > correct result by "ldapsearch -Y digest-md5 -U sasl1 ..." or > "ldapsearch -x -D 'cn=Directory Manager' -W -H > ldaps://rhds.example.com...". > But I got the error message such as "*sasl encryption not supported > over ssl"*, when I execute command like "ldapsearch -Y digest-md5 -U > sasl1 -H ldaps://rhds.example.com ...". Some of my friends tell me > this works on openldap. So I suggest it must be also working on FDS. > Is that right? If so, what's the probably reason causes this error? Or > it just really don't support? Please helps, thanks a lot. No, it really doesn't work. But why are you wanting both SSL and SASL privacy ? For the curious, the way the SSL I/O is layered in the server is not compatible with the implementation of SASL encryption (they're both trying to layer at the same place in the I/O stack). With sufficient motivation I suspect that SASL over SSL could be done, but the question is why would anyone want to do that.. Perhaps all you need to do is to turn off SASL payload encryption. SASL authentication with an SSL connection should work ok.
