I was able to get the EXTERNAL mechanism listed:

[EMAIL PROTECTED]:~$ ldapsearch -x -H ldaps:/// -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: EXTERNAL

I've used the following options in slapd.conf:

TLSCACertificateFile /etc/ssl/certs/cacert.pem
TLSCertificateFile /etc/ssl/certs/t-sasl.vmnet.pem
TLSCertificateKeyFile /etc/ssl/private/t-sasl.vmnet.key
TLSVerifyClient demand

and the following options in .ldaprc:

TLS_CACERT /etc/ssl/certs/cacert.pem
TLS_CERT /home/mathiaz/t-client.vmnet.pem
TLS_KEY /home/mathiaz/t-client.vmnet.key

I've used a proper PKI to create the certificates:

cacert.pem is a self-signed certificate. t-sasl.vmnet.pem and
t-client.vmnet.pem are certificates signed by cacert.pem.

Using a self-signed certificate on the client won't work (ldapsearch
doesn't send self-signed certificates).

-- 
Hardy slapd server is not supporting sasl/external authentication
https://bugs.launchpad.net/bugs/249881
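
An added example, not part of the original message: a pre-flight check for the certificate layout described above, using a throwaway PKI built with openssl. With TLSVerifyClient demand the client certificate must verify against the file named in TLSCACertificateFile, and the TLS_CERT / TLS_KEY pair must match. The names cakey.pem and t-selfsigned.vmnet are assumptions made for the example.

```bash
#!/bin/sh
# Constructed example: throwaway PKI in a temp directory. cakey.pem and
# t-selfsigned.vmnet are hypothetical names; the rest mirror the message.

build_pki() {  # $1 = output directory
  d=$1
  # Self-signed CA certificate (cacert.pem)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
    -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null || return 1
  # Server and client certificates, both signed by the CA
  for n in t-sasl.vmnet t-client.vmnet; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/$n.csr" -CA "$d/cacert.pem" -CAkey "$d/cakey.pem" \
      -CAcreateserial -days 1 -out "$d/$n.pem" 2>/dev/null || return 1
  done
  # Self-signed client certificate, for contrast
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=t-selfsigned.vmnet" \
    -keyout "$d/t-selfsigned.vmnet.key" -out "$d/t-selfsigned.vmnet.pem" 2>/dev/null
}

# Succeeds only if certificate $2 verifies against CA file $1.
chains_to_ca() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Succeeds only if private key $2 belongs to certificate $1 (TLS_CERT / TLS_KEY pair).
key_matches_cert() {
  pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
  [ -n "$pub" ] && [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

PKI_DIR=$(mktemp -d)
trap 'rm -rf "$PKI_DIR"' EXIT
build_pki "$PKI_DIR" || { echo "openssl failed" >&2; exit 1; }
for c in t-sasl.vmnet t-client.vmnet t-selfsigned.vmnet; do
  if chains_to_ca "$PKI_DIR/cacert.pem" "$PKI_DIR/$c.pem"; then
    echo "$c.pem: chains to cacert.pem"
  else
    echo "$c.pem: does NOT chain to cacert.pem"
  fi
  key_matches_cert "$PKI_DIR/$c.pem" "$PKI_DIR/$c.key" || echo "$c: key/cert mismatch"
done
```

The same two functions can be pointed at the real files named in slapd.conf and .ldaprc before testing SASL EXTERNAL.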