"Zohar Lev Shani" <[EMAIL PROTECTED]> writes: > OK, got that. > > Now I am trying a different SASL configuration, and I have these > mechanisms available: > >> ldapsearch -h localhost:9999 -x -b '' supportedSASLMechanisms -s base -LLL > dn: > supportedSASLMechanisms: LOGIN > supportedSASLMechanisms: PLAIN > > With the same data, I tried running ldapsearch with SASL and got that > there are no SASL mechanisms available. > >> ldapsearch -h localhost:9999 -Y PLAIN -U user1 -w pass1 -LLL -b >> cn=user1,cn=users,dc=my-domain,dc=com > ldap_sasl_interactive_bind_s: Unknown authentication method (-6) > additional info: SASL(-4): no mechanism available: No worthy mechs > found > > Same goes for '-Y LOGIN'. > > What am I missing here?
OpenLDAP only supports PLAIN and LOGIN if data transport is secured that is either by TLS or local pipe. Install sasl libdigestmd5 and libcrammd5 to provide shared secret security. -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de GPG Key ID:8EF7B6C6