Hi folks, I have sasl-gssapi installed. But to use any ldap clients like ldapsearch or ldapmodify, I must specify "-Y GSSAPI" , else I get a "no mechanism available" error. Is this an "Identity Mapping" problem, an ldap.conf problem, or is it "as designed"? My ldap.conf man page says that "SASL_MECH" is a per-user setting in .ldaprc, so I worry that my services without a login will not use LDAP correctly. I read http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Introduction_to_SASL-SA SL_Identity_Mapping.html and the next section on "Realms" but the docs don't say if one should actually put "cn=gssapi,cn=auth" into the SASL map. Thanks! *************************** *************************** *************************** [installer at trixter ~]$ ldapsearch -V ldapsearch: @(#) $OpenLDAP: ldapsearch 2.3.34 (Nov 2 2007 08:16:21) $ kojibuilder at xenbuilder2.fedora.redhat.com:/builddir/build/BUILD/openldap-2.3 .34/openldap-2.3.34/build-clients/clients/tools (LDAP library: OpenLDAP 20333) SASL/EXTERNAL authentication started ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available: *************************** *************************** *************************** [installer at trixter ~]$ ldapsearch -V -Y GSSAPI > /dev/null ldapsearch: @(#) $OpenLDAP: ldapsearch 2.3.34 (Nov 2 2007 08:16:21) $ kojibuilder at xenbuilder2.fedora.redhat.com:/builddir/build/BUILD/openldap-2.3 .34/openldap-2.3.34/build-clients/clients/tools (LDAP library: OpenLDAP 20333) SASL/GSSAPI authentication started SASL username: installer at HYMESRUZICKA.ORG SASL SSF: 56 SASL installing layers