Re: How to make anonymous SASL work?

I tried ldapsearch, but it seems to fail quite basically:

[root@langham ~]# ldapsearch -D "cn=admin" -w fidelio77 -b "fashioncontent.com" cn=hvendelbo
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available:
[root@langham ~]# ldapsearch -X -Y
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available:

Date: Sun, 17 Sep 2006 09:53:11 -0600
From: Richard Megginson <rmeggins@xxxxxxxxxx>

devel - Fashion Content wrote:
As I understand the message I need to configure some protocol
on the server, but I have no idea where or how??

It looks like you're using the OpenLDAP version of ldapsearch and don't
have SASL auth set up on the server.
Yes, but how do I set up SASL auth? What doc describes it in less than 100 pages?
Also, why shouldn't the OpenLDAP client be able to talk to Fedora DS?
It is - see below
You can either pass the "-x" switch to ldapsearch to use plaintext auth,
or use the ldapsearch that comes with the directory server (probably in
/opt/fedora-ds/shared/bin).
/usr/bin/ldapsearch -x -D "bind dn" -w bindpassword .....

ldapsearch by default will attempt a SASL bind, using the best mechanism available. To disable this behavior, and force the openldap command line tools to use SIMPLE binddn/password auth, you have to specify the -x argument.

By the way, I think it's a bug that your server advertised the SASL/EXTERNAL mechanism here; that mech should only be offered when there is actually an external security system in place (e.g. IPSEC or TLS). It appears this was a plain, unprotected connection. A mech shouldn't be listed in the supportedSASLmechanisms list if requesting it will in fact fail with "no mechanism available"...

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
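
Added example, not part of the original thread: a shell check for the condition Howard Chu describes, where a server lists EXTERNAL in supportedSASLMechanisms on a connection with no external security layer. The host ds.example.com, the sample root DSE and the function names are constructed for illustration; the search is assumed to have been made without StartTLS.

```shell
#!/bin/sh
# Constructed sample of a root DSE result (LDIF), as would be returned by:
#   ldapsearch -x -H ldap://ds.example.com -b "" -s base supportedSASLMechanisms
# Hostname and mechanism list are made up for this example.
sample_rootdse() {
cat <<'EOF'
dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
supportedsaslmechanisms: GSSAPI
EOF
}

# Print the advertised SASL mechanisms, one per line, from LDIF on stdin.
# LDAP attribute names are case-insensitive, so compare in lower case.
sasl_mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" {
        v = $2; sub(/[ \t\r]+$/, "", v); print toupper(v) }'
}

# Usage: check_external URI < rootdse.ldif
# Returns 0 and warns when EXTERNAL is advertised over a URI scheme that gives
# no external identity. ldaps:// (TLS) and ldapi:// (local socket peer
# credentials) can back EXTERNAL; plain ldap:// without StartTLS cannot.
check_external() {
    uri=$1
    mechs=$(sasl_mechs)
    case "$uri" in
        ldaps://*|ldapi://*) return 1 ;;
    esac
    if printf '%s\n' "$mechs" | grep -qx 'EXTERNAL'; then
        echo "EXTERNAL advertised on $uri without TLS/IPC; a default SASL bind will fail, use -x" >&2
        return 0
    fi
    return 1
}

# Demonstration on the constructed sample.
sample_rootdse | check_external "ldap://ds.example.com" \
    && echo "fall back to: ldapsearch -x -D <binddn> -W ..."
```

Against a live server, pipe the output of the root DSE search shown in the first comment into `check_external` with the same URI.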
