On 12/30/14 10:52 +0100, Gabriele Bulfon wrote: >So, first I changed openldap configuration with "sasl-secprops none" to have also plain auth enabled. >Running pluginviewer to see the plugins: >sonicle@www:~$ pluginviewer -m PLAIN >List of server plugins follows >Plugin "plain" [loaded], API version: 4 >List of client plugins follows >Plugin "plain" [loaded], API version: 4 >sonicle@www:~$ ldapsearch -xLLLH 'ldap://localhost/' -s base -b '' 'supportedSASLMechanisms' >dn: >supportedSASLMechanisms: SCRAM-SHA-1 >supportedSASLMechanisms: GS2-IAKERB >supportedSASLMechanisms: GS2-KRB5 >supportedSASLMechanisms: GSSAPI >supportedSASLMechanisms: DIGEST-MD5 >supportedSASLMechanisms: OTP >supportedSASLMechanisms: CRAM-MD5 >supportedSASLMechanisms: PLAIN >supportedSASLMechanisms: ANONYMOUS >Now, try plain auth doing a earch of an existing user: >sonicle@www:~$ ldapsearch -Y PLAIN -U test.user@xxxxxxxxxxx -H ldap://localhost -W >Enter LDAP Password: >ldap_sasl_interactive_bind_s: Unknown authentication method (-6) >additional info: SASL(-4): no mechanism available: No worthy mechs found >Can't find a reason for ldapsearch not finding the plain mech. Odd. Add a '-d -1' to get more detail. See the ldap.conf(5) manpage, and verify you don't have any conflicting options set via relevant ENVIRONMENT VARIABLES or FILES. Check your syslog for any additional details (auth facility). >Also, slapd has been built with sasl: >sonicle@www:~$ ldd /sonicle/libexec/slapd >libdb-4.8.so =/sonicle/lib/libdb-4.8.so >libpthread.so.1 =/lib/libpthread.so.1 >libsasl2.so.2 =/sonicle/lib/libsasl2.so.2 >libdl.so.1 =/lib/libdl.so.1 >libssl.so.0.9.8 =/lib/libssl.so.0.9.8 >libcrypto.so.0.9.8 =/lib/libcrypto.so.0.9.8 >libresolv.so.2 =/lib/libresolv.so.2 >libgen.so.1 =/lib/libgen.so.1 >libnsl.so.1 =/lib/libnsl.so.1 >libsocket.so.1 =/lib/libsocket.so.1 >libc.so.1 =/lib/libc.so.1 >libgcc_s.so.1 =/usr/sfw/lib/libgcc_s.so.1 >libmd.so.1 =/lib/libmd.so.1 >libmp.so.2 =/lib/libmp.so.2 >libm.so.2 =/lib/libm.so.2 How about your libldap library and client utilities? Do they have access to libsasl2 and the PLAIN shared library/mechanism? Try: ldd `which ldapsearch` And verify that the linked sasl library is the same as for slapd, or if not, uses a good libsasl installation. Also, you may want to try ldapsearch from another system with a known good sasl installation. -- Dan White ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
