[sorry for the long post; I'm leaving the original posting intact to provide 
context]

Thank you very much for the reply.  I ran the command you supplied, and 
received (in part):
supportedLDAPVersion: 3
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5

I don't see 'external', so am I correct in assuming TLS/SSL can not be used?

Thanks
tl

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chapman, Kyle
Sent: Tuesday, March 27, 2007 11:43 AM
To: [email protected]
Subject: RE: Can't make SLES 9 OpenLDAP work with TLS/SSL 

I'm guessing it's a typo with your sasl search, -x enables simple auth.  Try 
this:
ldapsearch -x -H ldap://<fqdn> -Z -s base -b "" "+"

You should get a listing of supported sasl mechs
supportedLDAPVersion: 3
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: OTP
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
Etc...

External is cert based so you also may need to configure ldap.conf with the 
location of your client based cert if you are doing mutual cert auth as well  
(.ldaprc could be used as well).
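The rootDSE query above is how a client learns what the server actually offers. The shell script below is an added example, not code posted by anyone in this thread: it parses that LDIF output and reports the advertised SASL mechanisms and whether the StartTLS extended operation (OID 1.3.6.1.4.1.1466.20037, the operation that -Z requests) is listed. The input here is a constructed sample modelled on the listing Kyle quoted, with a supportedExtension line added; the function names rootdse_report, sasl_mechs, has_mech and has_starttls are my own. The point it makes is that StartTLS and SASL EXTERNAL are independent: EXTERNAL is only the client-certificate mechanism described above, so its absence from the list says nothing about whether a TLS-protected simple (-x) bind will work.

```shell
#!/bin/sh
# Added example (not from the thread). Checks a rootDSE listing for the
# SASL mechanisms and the StartTLS extended operation the server advertises.
# Against a live server, pipe the real output in instead of the sample:
#   ldapsearch -x -H ldap://<fqdn> -Z -s base -b "" "+" | rootdse_report

# Constructed sample, modelled on the listing quoted in the thread.
SAMPLE_ROOTDSE='dn:
supportedLDAPVersion: 3
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedExtension: 1.3.6.1.4.1.1466.20037
'

# Print the SASL mechanisms advertised in the LDIF on stdin, one per line.
sasl_mechs() {
    sed -n 's/^supportedSASLMechanisms: *//p'
}

# Exit 0 if mechanism $1 (e.g. EXTERNAL) is advertised in the LDIF on stdin.
has_mech() {
    sasl_mechs | grep -qx "$1"
}

# Exit 0 if the StartTLS extended operation OID (RFC 4511) is advertised.
has_starttls() {
    grep -q '^supportedExtension: *1\.3\.6\.1\.4\.1\.1466\.20037$'
}

# Human-readable summary of what the rootDSE on stdin offers.
rootdse_report() {
    input=$(cat)
    printf 'SASL mechanisms: %s\n' \
        "$(printf '%s\n' "$input" | sasl_mechs | tr '\n' ' ')"
    if printf '%s\n' "$input" | has_starttls; then
        echo "StartTLS (-Z) advertised: yes"
    else
        echo "StartTLS (-Z) advertised: no"
    fi
    if printf '%s\n' "$input" | has_mech EXTERNAL; then
        echo "SASL EXTERNAL (client-certificate auth over TLS) advertised: yes"
    else
        echo "SASL EXTERNAL not advertised: TLS is still usable with a simple (-x) bind"
    fi
}

printf '%s' "$SAMPLE_ROOTDSE" | rootdse_report
```

With the sample input the report lists GSSAPI, DIGEST-MD5 and CRAM-MD5, shows StartTLS as advertised, and notes that EXTERNAL is absent; the same script run against a real server tells you whether the missing piece is the TLS listener or only the certificate-based mechanism.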

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, March 27, 2007 10:17 AM
To: [email protected]
Subject: Can't make SLES 9 OpenLDAP work with TLS/SSL 

[I posted this to the Novell novell.support.sles.configure-administer 
discussion group, but have not received any response.  As I have an end-of-week 
deadline to get this working, I'm re-posting it to this mailing list, with 
apologies.]

Hi

I'm trying to use the SLES 9 SP3 OpenLDAP server with TLS.  I've read the LDAP 
chapter (Chapter 21) of the 'SuSE Linux Enterprise Server 9 Administration and 
Installation Guide', as well as much of "OpenLDAP Software 2.3 Administrator's 
Guide".  I've used the YaST LDAP Server Configuration utility, and have enabled 
TLS support.

When I run ldapsearch with simple authentication, the command does return the 
requested output:
# ldapsearch -x -b dc=backup

But when I run the command in the default SASL mode, I get:

# ldapsearch -x -b dc=backup
SASL/DIGEST-MD5 authentication started
Please enter your password: 
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
        additional info: SASL(-13): user not found: no secret in database # 

I see two problems:

1) DIGEST-MD5 is being used, and I believe I want EXTERNAL (which, I think, calls 
TLS) to be used.  I see that /usr/lib/sasl2/slapd.conf contains "mech_list: 
gssapi digest-md5 cram-md5".  I don't see 'external' 
in the list.  Should I just add it?  If so, why wasn't this done by YaST 
automatically?
2) the error message contains, "user not found: no secret in database".  
What user is being referred to, and what/where is this database?

Finally, I've noted what could be a bug.  The sample applications 
(sample_client and sample_server) are not present in the SLES 9 'cyrus-sasl' 
package, but they are present in the SLES 10 'cyrus-sasl' package.

If this is documented somewhere, please point me to it.  I sure don't find what 
I need in the SLES documentation.

Thanks for the help!
tl


Terry Lemons
Backup Platforms Group
EMC²
where information lives
4400 Computer Drive, MS D239
Westboro MA 01580
Phone: 508 898 7312
Email: [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED] 