[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SASL Chaos?

On Saturday 09 November 2002 06:17 pm, Steve Langasek wrote:
> On Sun, Nov 10, 2002 at 03:13:30AM +0100, Erich Schubert wrote:
> > I've been trying to get SASL working - and i'm stuck.
> > Documentation is a chaos; the package has lots of open bugs;
> > openldap is sasl enabled, but doesn't contain a sasl config file;
> > the sasl config file seems to go to /usr/lib/sasl (WTF?)
> >
> > Can someone give me some hints how to use LDAP+SASL (i'm annoyed of
> > giving LDAP the -x flag all the time... ;)
> AFAIK, slapd will automatically use whatever SASL modules are installed
> if the client requests SASL authentication.  It Works For Me, without
> any additional configuration.
FWIW, I haven't been able to get this working, either. I've installed 
libsasl-modules-plain and libsasl-digestmd5-des. Whenever I try to use SASL 
with OpenLDAP, I always get one of two errors:	

'ldap_sasl_interactive_bind_s: Authentication method not supported'
(when I try to use DIGEST-MD5 or CRAM-MD5. Note that I also get a 
'SASL/{CRAM,DIGEST}-MD5 authentication started' message, which is absent from 
the output with other mechanisms)
'ldap_sasl_interactive_bind_s: Unknown authentication method'

I checked slapd.conf(5), added 'sasl-secprops none' to /etc/ldap/slapd.conf, 
and restarted slapd. It still doesn't work.

This is particularly infuriating, because slapd claims that it supports LOGIN, 

-- snip --
$ ldapsearch -h localhost -x -s base -LLL supportedSASLMechanisms
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: ANONYMOUS
-- snip --

Does anyone know how to resolve this quandry?

"das ist liebe, das ist hass / mit eifersucht vermahlen"

Reply to: