[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SASL Chaos?

On Sat, Nov 09, 2002 at 07:42:22PM -0800, Ian Eure wrote:

> > AFAIK, slapd will automatically use whatever SASL modules are installed
> > if the client requests SASL authentication.  It Works For Me, without
> > any additional configuration.

> FWIW, I haven't been able to get this working, either. I've installed 
> libsasl-modules-plain and libsasl-digestmd5-des. Whenever I try to use SASL 
> with OpenLDAP, I always get one of two errors:	

> 'ldap_sasl_interactive_bind_s: Authentication method not supported'
> (when I try to use DIGEST-MD5 or CRAM-MD5. Note that I also get a 
> 'SASL/{CRAM,DIGEST}-MD5 authentication started' message, which is absent from 
> the output with other mechanisms)
> or
> 'ldap_sasl_interactive_bind_s: Unknown authentication method'
> (when try PLAIN, LOGIN, or ANONYMOUS)

> I checked slapd.conf(5), added 'sasl-secprops none' to /etc/ldap/slapd.conf, 
> and restarted slapd. It still doesn't work.

Hmm, then I suspect the problem you're having is actually that you
haven't configured the authentication database for these SASL modules
(/etc/sasldb).  The only SASL mechanism I use is GSSAPI, so I'm not
likely to be much help with the other mechs, but I do see a 'saslpasswd'
command on my system which might have something to do with it all.

Steve Langasek
postmodern programmer

Attachment: pgp49fQQsuQPj.pgp
Description: PGP signature

Reply to: