Postfix, SASL and LDAPDB: no worthy mech found

Julien Vehent julien at linuxwall.info
Sun May 23 06:49:33 EDT 2010


On Fri, 21 May 2010 15:52:40 +0200, "Dieter Kluenter"
<dieter at dkluenter.de> wrote:
> 
> try ldapsearch -x -H ldap://<host> -b "" -s base
> suppportedSASLMechanisms
> Mostlikely SASL PLAIN mechanism is not available.
> Because OpenLDAP only supports PLAIN in a protected network
> environment, that is either TLS or ldapi
> 

Your command doesn't seem to work, but the following one is:

# ldapsearch -b "" -s base + -Z -U postfix

ldap_start_tls: Connect error (-11)
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: postfix
SASL SSF: 128
SASL data security layer installed.
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: +
#

#
dn:
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
namingContexts: dc=linuxwall,dc=info
supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedExtension: 1.3.6.1.1.8
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: CRAM-MD5
entryDN:
subschemaSubentry: cn=Subschema

# search result
search: 5
result: 0 Success

# numResponses: 2
# numEntries: 1




Looks alright to me...



More information about the Cyrus-sasl mailing list