Server: OpenLDAP 2.3.32, CentOS 4.4, x86_64, userPassword={SSHA}xxxxx.
Client: OS-X 10.4.9 (Intel), with TLS.

Hopefully there are some folks on this list that have visited this one. I have used OpenLDAP for a long time, but am new to OS-X in this context. Everything works perfectly (uid<->name, gid<->name, automount, ldapsearch, etc.), except...
It appears that the OS-X login window (or an ssh that requires a password) causes an attempted SASL bind to the LDAP server, which fails (expected, in this case). I have used an ACL to hide supportedSASLMechanisms, which for now allows folks to log in by bypassing the SASL bind and performing a simple bind. However, shouldn't OS-X fall back to a simple bind if the SASL bind does not work? It doesn't, and I can't see any way to configure that on the client.
I don't really want to block usage of SASL just because of OSX, but configuration of SASL is not possible at present for other reasons. Perhaps there is a way to tell OS-X not to attempt the SASL bind in the first place?
I also see the first TLS connection rejected, followed immediately by a successful connection, but I'm less concerned about that right now.

TIA,
Steve

----------------------------------------------------------------------------
Steve Thompson                 E-mail:      smt AT vgersoft DOT com
Voyager Software LLC           Web:         http://www DOT vgersoft DOT com
39 Smugglers Path              VSW Support: support AT vgersoft DOT com
Ithaca, NY 14850
  "186,300 miles per second: it's not just a good idea, it's the law"
----------------------------------------------------------------------------
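
The ACL workaround described in the message, written out as an added example; it is not taken from the original post or from the poster's configuration. The subnet 192.0.2.0/24 is a constructed placeholder, and Variant B (hiding the attribute only from that subnet so other clients still see the mechanism list) is an assumption about how the rule could be scoped.

```conf
# slapd.conf access rules (OpenLDAP 2.3 syntax).
# Rules are evaluated in order and the first matching <what> clause wins,
# so these must appear before any broader "access to *" rule.

# Variant A: hide the SASL mechanism list in the root DSE from every client.
access to dn.base="" attrs=supportedSASLMechanisms
        by * none

# Variant B (use INSTEAD of A; constructed placeholder subnet):
# hide the list only from the OS X clients, leave it readable elsewhere.
#access to dn.base="" attrs=supportedSASLMechanisms
#        by peername.ip=192.0.2.0%255.255.255.0 none
#        by * read

# Keep the remaining root DSE attributes (namingContexts,
# supportedControl, ...) readable so clients can still discover the server.
access to dn.base=""
        by * read

# Caveat: this only stops clients from discovering the mechanisms.
# It does not disable SASL; a client that names a mechanism explicitly
# can still attempt a SASL bind.
```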
