Yu Joe wrote:
Dear all
I tried to make my FDS work with sasl(digest-md5)+SSL. I can get
correct result by "ldapsearch -Y digest-md5 -U sasl1 ..." or
"ldapsearch -x -D 'cn=Directory Manager' -W -H
ldaps://rhds.example.com...".
But I got the error message such as "*sasl encryption not supported
over ssl"*, when I execute command like "ldapsearch -Y digest-md5 -U
sasl1 -H ldaps://rhds.example.com ...". Some of my friends tell me
this works on openldap. So I suggest it must be also working on FDS.
Is that right? If so, what's the probably reason causes this error? Or
it just really don't support? Please helps, thanks a lot.
No, it really doesn't work. But why are you wanting both SSL and SASL
privacy ?
For the curious, the way the SSL I/O is layered in the server is not
compatible with
the implementation of SASL encryption (they're both trying to layer at
the same place
in the I/O stack). With sufficient motivation I suspect that SASL over
SSL could be done,
but the question is why would anyone want to do that..
Perhaps all you need to do is to turn off SASL payload encryption. SASL
authentication
with an SSL connection should work ok.
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
