Postfix, SASL and LDAPDB: no worthy mech found

Dieter Kluenter dieter at dkluenter.de
Sun May 23 07:40:24 EDT 2010


Julien Vehent <julien at linuxwall.info> writes:

> On Fri, 21 May 2010 15:52:40 +0200, "Dieter Kluenter"
> <dieter at dkluenter.de> wrote:
>> 
>> try ldapsearch -x -H ldap://<host> -b "" -s base
>> suppportedSASLMechanisms
>> Mostlikely SASL PLAIN mechanism is not available.
>> Because OpenLDAP only supports PLAIN in a protected network
>> environment, that is either TLS or ldapi
>> 
>
> Your command doesn't seem to work, but the following one is:

Why not, what is the error?
>
> # ldapsearch -b "" -s base + -Z -U postfix

Here you initialize startTLS, as this is a secure session, all
available SASL Mechanisms are shown. The main purpose is to debug
ldapdb, so please connect to the directory the way ldapdb is
configured to operate. It doesn't make sense to run startTLS and a
DIGEST-MD5 authentication, if ldapdb only uses PLAIN and no
startTLS. 

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: +49.40.20932173
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6


More information about the Cyrus-sasl mailing list