On Mon, 31 Aug 2015 19:43:39 -0400, Frank Crow <[email protected]> wrote:
> Hi,
>
> I'm trying to configure OpenLDAP 2.4.23 (running on RHEL6.5) to use
> client-side certificates via the SASL/EXTERNAL mechanism. I have
> successfully configured server-side certs with TLS and was wanting to
> expand my configuration on the client-side.
>
> If I set the TLSClientVerify to "allow" or "try" and attempt to use "-Y
> EXTERNAL", I get the following message:
>
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL (-4): no mechaism available:
>
>
> If I do a search on the DSE, I get the following available methods:
>
> dn:
> supportedSASLMechanisms: GSSAPI
> supportedSASLMechanisms: LOGIN
> supportedSASLMechanisms: CRAM-MD5
> supportedSASLMechanisms: DIGEST-MD5
> supportedSASLMechanisms: PLAIN
>
>
> I know that other people are using this but nobody (here at work)
> knows why my particular configuration is getting this error. Can
> anyone help me figure this out?

It seems you have not initialised a TLS session, that is, either
startTLS on port 389 or without starttls on secure port 636

ldapsearch -LLL -Y EXTERNAL -ZZ -H ldap://localhost -b "" -s base supportedSASLMechanisms
SASL/EXTERNAL authentication started
SASL username: xxxxx
SASL SSF: 0
dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: SCRAM-SHA-1

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N 10°08'02,42"E
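
The check described in the reply, as an added example that is not part of the original messages: a script that compares the root DSE's supportedSASLMechanisms without and with StartTLS (-ZZ) and reports whether EXTERNAL only appears once TLS is up. The function names, result labels, the LDAP_URI variable and the sample LDIF (modelled on the two listings in this thread) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: does the server advertise SASL/EXTERNAL before or only
# after a TLS session has been established?

# mechs: read LDIF on stdin, print the supportedSASLMechanisms values, sorted.
mechs() {
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" { print $2 }' | sort
}

# has_external: succeed if the LDIF on stdin lists EXTERNAL.
has_external() {
    mechs | grep -x 'EXTERNAL' >/dev/null
}

# diagnose PLAIN_LDIF TLS_LDIF: classify the two root DSE answers.
diagnose() {
    if printf '%s\n' "$1" | has_external; then
        echo "external-offered-already"   # e.g. ldaps:// or ldapi:// URI
    elif printf '%s\n' "$2" | has_external; then
        echo "external-needs-tls"         # add -ZZ (or use ldaps://) with -Y EXTERNAL
    else
        echo "external-not-offered"       # not advertised even after StartTLS
    fi
}

# Constructed samples, modelled on the two listings in this thread.
SAMPLE_PLAIN='dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: PLAIN'
SAMPLE_TLS='dn:
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: SCRAM-SHA-1'

# With LDAP_URI set (for example ldap://localhost) query a live server;
# otherwise fall back to the constructed samples so the script runs offline.
if [ -n "${LDAP_URI:-}" ]; then
    plain=$(ldapsearch -x -LLL -H "$LDAP_URI" -b "" -s base supportedSASLMechanisms)
    tls=$(ldapsearch -x -ZZ -LLL -H "$LDAP_URI" -b "" -s base supportedSASLMechanisms)
else
    plain=$SAMPLE_PLAIN
    tls=$SAMPLE_TLS
fi
diagnose "$plain" "$tls"
```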
