Postfix, SASL and LDAPDB: no worthy mech found

Dieter Kluenter dieter at
Sun May 23 07:40:24 EDT 2010

Julien Vehent <julien at> writes:

> On Fri, 21 May 2010 15:52:40 +0200, "Dieter Kluenter"
> <dieter at> wrote:
>> try ldapsearch -x -H ldap://<host> -b "" -s base
>> suppportedSASLMechanisms
>> Mostlikely SASL PLAIN mechanism is not available.
>> Because OpenLDAP only supports PLAIN in a protected network
>> environment, that is either TLS or ldapi
> Your command doesn't seem to work, but the following one is:

Why not, what is the error?
> # ldapsearch -b "" -s base + -Z -U postfix

Here you initialize startTLS, as this is a secure session, all
available SASL Mechanisms are shown. The main purpose is to debug
ldapdb, so please connect to the directory the way ldapdb is
configured to operate. It doesn't make sense to run startTLS and a
DIGEST-MD5 authentication, if ldapdb only uses PLAIN and no


Dieter Klünter | Systemberatung
sip: +49.40.20932173

More information about the Cyrus-sasl mailing list