Re: SASL Chaos?
On Saturday 09 November 2002 06:17 pm, Steve Langasek wrote:
> On Sun, Nov 10, 2002 at 03:13:30AM +0100, Erich Schubert wrote:
> > I've been trying to get SASL working - and i'm stuck.
> > Documentation is a chaos; the package has lots of open bugs;
> > openldap is sasl enabled, but doesn't contain a sasl config file;
> > the sasl config file seems to go to /usr/lib/sasl (WTF?)
> >
> > Can someone give me some hints how to use LDAP+SASL (i'm annoyed of
> > giving LDAP the -x flag all the time... ;)
>
> AFAIK, slapd will automatically use whatever SASL modules are installed
> if the client requests SASL authentication. It Works For Me, without
> any additional configuration.
>
FWIW, I haven't been able to get this working, either. I've installed
libsasl-modules-plain and libsasl-digestmd5-des. Whenever I try to use SASL
with OpenLDAP, I always get one of two errors:
'ldap_sasl_interactive_bind_s: Authentication method not supported'
(when I try to use DIGEST-MD5 or CRAM-MD5. Note that I also get a
'SASL/{CRAM,DIGEST}-MD5 authentication started' message, which is absent from
the output with other mechanisms)
or
'ldap_sasl_interactive_bind_s: Unknown authentication method'
(when try PLAIN, LOGIN, or ANONYMOUS)
I checked slapd.conf(5), added 'sasl-secprops none' to /etc/ldap/slapd.conf,
and restarted slapd. It still doesn't work.
This is particularly infuriating, because slapd claims that it supports LOGIN,
PLAIN, and ANONYMOUS:
-- snip --
$ ldapsearch -h localhost -x -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: ANONYMOUS
-- snip --
Does anyone know how to resolve this quandry?
--
"das ist liebe, das ist hass / mit eifersucht vermahlen"
Reply to: