Re: Sponsoring a canon_user plugin for LDAP lookup

From: Howard Chu (no email)
Date: Mon Mar 12 2007 - 18:03:35 EDT

  • Next message: Dan White: "Re: Sponsoring a canon_user plugin for LDAP lookup"

    Torsten Schlabach wrote:
    > Hi Dan!
    >
    > Thank you for taking the time for that detailed writeup.
    >
    > I have taken a blank server with a fresh Debian Etch installation and
    > installed the very same packages you did. I did not yet apply the
    > patches as I wanted to make sure I get all that stuff right out of the
    > box before I did into canonicalization.
    >
    > Here is where I got stuck:
    >
    > cyrus at Debian-pre40-64-minimal:~$ ldapwhoami -Y EXTERNAL \
    > > -U gidNumber=8+uidNumber=104,cn=peercred,cn=external,cn=auth \
    > > -X u:dwhite SASL/EXTERNAL
    > SASL/EXTERNAL authentication started
    > ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
    > additional info: SASL(-4): no mechanism available:

    The -U flag is not meaningful with SASL/EXTERNAL. The "SASL/EXTERNAL" at
    the end of your command is erroneous. (In Dan's email it was merely a
    mis-wrapped line of text output.)

    The EXTERNAL mechanism is only valid when you use an LDAP session that
    has an out-of-band mechanism for transmitting the client credentials to
    the server. That usually means a client certificate for TLS or IPSEC, or
    an ldapi:// session. You didn't specify any ldapi:// URI here and you
    didn't show what's in your ldap.conf file so presumably it's not using
    ldapi.

    >
    > I do have the modules installed (which I know is a common gotcha):
    >
    > cyrus at Debian-pre40-64-minimal:~$ dpkg --get-selections | grep sasl
    > libsasl2 install
    > libsasl2-2 install
    > libsasl2-modules install
    > libsasl2-modules-ldap install
    >
    > Any idea what I am missing?
    >
    > Do you have a 32 or 64 bit system?
    >
    > Regards,
    > Torsten
    >
    >

    -- 
       -- Howard Chu
       Chief Architect, Symas Corp.  http://www.symas.com
       Director, Highland Sun        http://highlandsun.com/hyc
       Chief Architect, OpenLDAP     http://www.openldap.org/project/
    

  • Next message: Dan White: "Re: Sponsoring a canon_user plugin for LDAP lookup"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD