Re: [389-users] saslauthd won't work

On 06/15/2011 07:02 AM, Gioachino Bartolotta wrote:
> Hi!
>
> Just a little problem about saslauthd with 389.
> When I try to execute:
>
> ldapsearch -d 1 -D "cn=Directory Manager" -h dirsrv01.dominio -w
> secret -ZZ  '(uid=u01209)'
>
> it returns
>
> ldap_sasl_interactive_bind_s: server supports: EXTERNAL GSSAPI PLAIN
> LOGIN CRAM-MD5 ANONYMOUS DIGEST-MD5
> ldap_int_sasl_bind: EXTERNAL GSSAPI PLAIN LOGIN CRAM-MD5 ANONYMOUS DIGEST-MD5
> ldap_int_sasl_open: host=dirsrv01.dominio
> SASL/EXTERNAL authentication started
> ldap_perror
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>          additional info: SASL(-4): no mechanism available:
>
>
> I configured /etc/sysconfig/saslauthd in this way
> -------------------------
> # Directory in which to place saslauthd's listening socket, pid file, and so
> # on.  This directory must already exist.
> SOCKETDIR=/var/run/saslauthd
>
> # Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
> # of which mechanism your installation was compiled with the ability to use.
> # MECH=pam
> MECH=ldap
> START=yes
> # Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
> # for the list of accepted flags.
> FLAGS=
> ---------------------------------------------------
>
> What's wrong??
I'm not sure.  What are you using saslauthd for?  Are you trying to
allow clients to use simple bind with their Kerberos passwords, rather
than use the password in the LDAP server?  If so, then you should use
389 with the PAM Pass-Through Auth plugin, and set up pam_krb5.
> This is the configuration of /etc/openldap/ldap.conf
> ------------------------------------------
> #SIZELIMIT      12
> #TIMELIMIT      15
> #DEREF          never
> URI ldap://dirsrv01.dominio/
> BASE dc=dominio
> TLS_CACERTDIR /etc/openldap/cacerts
> TLS_REQCERT allow
> ssl tls_start
> ---------------------------------------------------------
>
> Any idea?
>
> Regards

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
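
The setup suggested in the reply (389 with the PAM Pass-Through Auth plugin backed by pam_krb5), sketched as an added example; it is not from the thread or from the 389 project. The PAM service name `ldapserver`, the file `/etc/pam.d/ldapserver`, and the assumption that each user's leftmost RDN value matches the Kerberos principal are all assumptions made here.

```ldif
# Added example: enable PAM Pass-Through Auth so that simple binds are
# checked by a PAM stack instead of the userPassword stored in the directory.
# Apply with ldapmodify as Directory Manager, then restart the server.
#
# Assumed PAM stack in /etc/pam.d/ldapserver (constructed):
#   auth     required  pam_krb5.so
#   account  required  pam_krb5.so
dn: cn=PAM Pass Through Auth,cn=plugins,cn=config
changetype: modify
replace: nsslapd-pluginEnabled
nsslapd-pluginEnabled: on
-
# Name of the PAM service file the plugin hands credentials to (assumed name).
replace: pamService
pamService: ldapserver
-
# Use the leftmost RDN value of the bind DN (e.g. u01209 from uid=u01209,...)
# as the PAM user name.
replace: pamIDMapMethod
pamIDMapMethod: RDN
-
# Only pass credentials to PAM when the connection is protected (TLS/SSL),
# since a simple bind carries the Kerberos password in the clear otherwise.
replace: pamSecure
pamSecure: TRUE
-
# Do not fall back to the password stored in the directory if PAM fails.
replace: pamFallback
pamFallback: FALSE
-
# Keep binds for entries under cn=config out of PAM authentication.
replace: pamExcludeSuffix
pamExcludeSuffix: cn=config
```

With `pamSecure: TRUE`, a client has to bind over StartTLS or LDAPS (as the `-ZZ` in the original command requests) for PAM authentication to be attempted.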

