Sponsoring a canon_user plugin for LDAP lookup
Howard Chu
hyc at highlandsun.com
Mon Mar 12 17:03:35 EST 2007
Torsten Schlabach wrote:
> Hi Dan!
>
> Thank you for taking the time for that detailed writeup.
>
> I have taken a blank server with a fresh Debian Etch installation and
> installed the very same packages you did. I did not yet apply the
> patches as I wanted to make sure I get all that stuff right out of the
> box before I dig into canonicalization.
>
> Here is where I got stuck:
>
> cyrus@Debian-pre40-64-minimal:~$ ldapwhoami -Y EXTERNAL \
> > -U gidNumber=8+uidNumber=104,cn=peercred,cn=external,cn=auth \
> > -X u:dwhite SASL/EXTERNAL
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available:
The -U flag is not meaningful with SASL/EXTERNAL. The "SASL/EXTERNAL" at
the end of your command is erroneous. (In Dan's email it was merely a
mis-wrapped line of text output.)

The EXTERNAL mechanism is only valid when you use an LDAP session that
has an out-of-band mechanism for transmitting the client credentials to
the server. That usually means a client certificate for TLS or IPSEC, or
an ldapi:// session. You didn't specify any ldapi:// URI here and you
didn't show what's in your ldap.conf file so presumably it's not using
ldapi.
>
> I do have the modules installed (which I know is a common gotcha):
>
> cyrus@Debian-pre40-64-minimal:~$ dpkg --get-selections | grep sasl
> libsasl2 install
> libsasl2-2 install
> libsasl2-modules install
> libsasl2-modules-ldap install
>
> Any idea what I am missing?
>
> Do you have a 32 or 64 bit system?
>
> Regards,
> Torsten
>
>
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
Chief Architect, OpenLDAP http://www.openldap.org/project/
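
Added illustration (not part of the original message and not OpenLDAP code): a Linux-only sketch of why an ldapi:// session can carry credentials out of band, as the reply above describes. A Unix-domain socket lets the listening side read the caller's uid/gid from the kernel, while a TCP socket offers nothing comparable. The function names are hypothetical, and the identity string copies the format of the cn=peercred DN quoted in the thread.

```python
import socket
import struct

# Linux "struct ucred": pid_t pid; uid_t uid; gid_t gid
_UCRED = struct.Struct("iII")


def peercred_identity(conn):
    """Return a peercred-style identity for conn's peer, or None.

    Only AF_UNIX sockets (the transport behind ldapi://) have
    kernel-verified peer credentials. For any other transport the
    identity has to come from somewhere else, e.g. a TLS client
    certificate, or EXTERNAL has nothing to work with.
    """
    if conn.family != socket.AF_UNIX:
        return None
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, _UCRED.size)
    _pid, uid, gid = _UCRED.unpack(raw)
    # Assumption: same layout as the DN shown in the quoted command.
    return f"gidNumber={gid}+uidNumber={uid},cn=peercred,cn=external,cn=auth"


def demo():
    """Compare a Unix-domain connection with a plain TCP socket."""
    # Constructed sample input: a connected AF_UNIX pair stands in for a
    # client talking to an ldapi:// listener; the TCP socket is unconnected.
    listener_side, client_side = socket.socketpair(
        socket.AF_UNIX, socket.SOCK_STREAM
    )
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        return peercred_identity(listener_side), peercred_identity(tcp)
    finally:
        listener_side.close()
        client_side.close()
        tcp.close()


if __name__ == "__main__":
    unix_id, tcp_id = demo()
    print("ldapi-style socket:", unix_id)
    print("TCP socket:        ", tcp_id)
```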