The supported SASL mechanisms are CRAM-MD5 and DIGEST-MD5

[tkeith@kif ~]$ ldapsearch -x -H ldap://localhost -b "" -s base supportedSASLMechanisms
# extended LDIF
#
# LDAPv3
# base <> with scope baseObject
# filter: (objectclass=*)
# requesting: supportedSASLMechanisms
#

#
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

But this returns : no mechanism available:

ldapwhoami -v -ZZZ -Y EXTERNAL -h localhost
ldap_initialize( ldap://localhost )
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:

Tim

On Fri, Jan 22, 2016 at 11:36 AM, Quanah Gibson-Mount <[email protected]> wrote:
> Please keep replies to the list.
>
> --Quanah
>
>
> --On Friday, January 22, 2016 11:26 AM -0600 Timothy Keith
> <[email protected]> wrote:
>
>> ldapwhoami -v -ZZ -Y EXTERNAL -h localhost
>> ldap_initialize( ldap://localhost )
>> SASL/EXTERNAL authentication started
>> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>> additional info: SASL(-4): no mechanism available:
>>
>>
>> ldapsearch -h localhost -LLL -Y EXTERNAL -b "" -s base +
>> SASL/EXTERNAL authentication started
>> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>> additional info: SASL(-4): no mechanism available:
>>
>>
>> Tim
>>
>> On Fri, Jan 22, 2016 at 10:10 AM, Quanah Gibson-Mount <[email protected]>
>> wrote:
>>>
>>> --On Friday, January 22, 2016 9:38 AM -0600 Timothy Keith
>>> <[email protected]> wrote:
>>>
>>>> The first attempt fails :
>>>>
>>>> ldapwhoami -v -ZZ -Y EXTERNAL
>>>> ldap_initialize( <DEFAULT> )
>>>> ldap_start_tls: Connect error (-11)
>>>> additional info: TLS: hostname does not match CN in peer
>>>> certificate
>>>
>>>
>>>
>>> Why do you expect this to work? You failed to supply -H with a valid
>>> ldap:// URI.
>>>
>>>> This also fails :
>>>>
>>>> ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base +
>>>> ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
>>>
>>>
>>>
>>> Why do you expect this to work? You passed -H without providing a host.
>>>
>>> --Quanah
>>>
>>>
>>>>
>>>> Tim
>>>>
>>>>
>>>> On Thu, Jan 21, 2016 at 7:43 PM, Sergio NNX <[email protected]>
>>>> wrote:
>>>>>>
>>>>>>
>>>>>> My scenario is relatively simple.
>>>>>
>>>>>
>>>>> Simple, but it doesn't work, right?
>>>>>
>>>>> Are you after something similar to the output below?
>>>>>
>>>>> ldapwhoami -v -ZZ -Y EXTERNAL
>>>>>
>>>>> SASL/EXTERNAL authentication started
>>>>> SASL username: 2.5.4.13=End User Certificate (OpenLDAP
>>>>> 2.4.43),2.5.4.5=1234-2015
>>>>> -UK,title=Mr,ou=Finance Department,o=MateAR.eu IT
>>>>> Solutions,l=Westminster,st=Lon
>>>>> don,c=GB,[email protected],0.9.2342.19200300.100.1.1=Administrator,
>>>>> dc =EU,cn=A dministrator
>>>>> SASL SSF: 0
>>>>> dn:description=end user certificate (openldap
>>>>> 2.4.43),serialNumber=1234-2015-uk,
>>>>> title=mr,ou=finance department,o=matear.eu it
>>>>> solutions,l=westminster,st=london,
>>>>> c=gb,[email protected],uid=administrator,dc=eu,cn=administrator
>>>>> Result: Success (0)
>>>>>
>>>>>
>>>>> ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base +
>>>>>
>>>>> SASL/EXTERNAL authentication started
>>>>> SASL username: 2.5.4.13=End User Certificate (OpenLDAP
>>>>> 2.4.43),2.5.4.5=1234-2015
>>>>> -UK,title=Mr,ou=Finance Department,o=MateAR.eu IT
>>>>> Solutions,l=Westminster,st=Lon
>>>>> don,c=GB,[email protected],0.9.2342.19200300.100.1.1=Administrator,
>>>>> dc =EU,cn=A dministrator
>>>>>
>>>>>
>>>>> SASL SSF: 0
>>>>> dn:
>>>>> structuralObjectClass: OpenLDAProotDSE
>>>>> configContext: cn=config
>>>>> monitorContext: cn=Monitor
>>>>> namingContexts: dc=my-domain,dc=com
>>>>> supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
>>>>> supportedControl: 2.16.840.1.113730.3.4.18
>>>>> supportedControl: 2.16.840.1.113730.3.4.2
>>>>> supportedControl: 1.3.6.1.4.1.4203.1.10.1
>>>>> supportedControl: 1.3.6.1.1.22
>>>>> supportedControl: 1.2.840.113556.1.4.319
>>>>> supportedControl: 1.2.826.0.1.3344810.2.3
>>>>> supportedControl: 1.3.6.1.1.13.2
>>>>> supportedControl: 1.3.6.1.1.13.1
>>>>> supportedControl: 1.3.6.1.1.12
>>>>> supportedExtension: 1.3.6.1.4.1.1466.20037
>>>>> supportedExtension: 1.3.6.1.4.1.4203.1.11.1
>>>>> supportedExtension: 1.3.6.1.4.1.4203.1.11.3
>>>>> supportedExtension: 1.3.6.1.1.8
>>>>> supportedFeatures: 1.3.6.1.1.14
>>>>> supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
>>>>> supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
>>>>> supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
>>>>> supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
>>>>> supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
>>>>> supportedLDAPVersion: 3
>>>>> supportedSASLMechanisms: SRP
>>>>> supportedSASLMechanisms: SCRAM-SHA-1
>>>>> supportedSASLMechanisms: GSSAPI
>>>>> supportedSASLMechanisms: GSS-SPNEGO
>>>>> supportedSASLMechanisms: DIGEST-MD5
>>>>> supportedSASLMechanisms: EXTERNAL
>>>>> supportedSASLMechanisms: OTP
>>>>> supportedSASLMechanisms: CRAM-MD5
>>>>> supportedSASLMechanisms: NTLM
>>>>> supportedSASLMechanisms: LOGIN
>>>>> supportedSASLMechanisms: PLAIN
>>>>> entryDN:
>>>>> subschemaSubentry: cn=Subschema
>>>>>
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> Quanah Gibson-Mount
>>> Platform Architect
>>> Zimbra, Inc.
>>> --------------------
>>> Zimbra :: the leader in open source messaging and collaboration
>
>
>
>
> --
>
> Quanah Gibson-Mount
> Platform Architect
> Zimbra, Inc.
> --------------------
> Zimbra :: the leader in open source messaging and collaboration
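
An added example, not part of the original messages: a POSIX shell check that reads the rootDSE LDIF produced by the supportedSASLMechanisms query shown in this thread and reports whether a mechanism such as EXTERNAL is advertised before a bind is attempted. The function names and the two sample variables are hypothetical; the sample LDIF is transcribed from the outputs quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): check a rootDSE answer before binding.

# list_mechs: read LDIF on stdin, print each advertised SASL mechanism,
# upper-cased, one per line. LDIF comments (#) are skipped and the
# attribute name is matched case-insensitively.
list_mechs() {
    awk '
        /^#/ { next }
        {
            line = $0
            sub(/\r$/, "", line)              # tolerate CRLF captures
            n = index(line, ":")
            if (n == 0) next
            if (tolower(substr(line, 1, n - 1)) != "supportedsaslmechanisms") next
            val = substr(line, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)  # trim around the value
            if (val != "") print toupper(val)
        }'
}

# mech_offered MECH: exit 0 if MECH is advertised in the LDIF on stdin.
mech_offered() {
    want=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    list_mechs | grep -Fxq -- "$want"
}

# check_bind MECH LDIF: print "offered" or "not-offered".
check_bind() {
    if printf '%s\n' "$2" | mech_offered "$1"; then
        echo offered
    else
        echo not-offered
    fi
}

# Sample input transcribed from the thread: ROOTDSE_A is the answer to the
# simple-bind (-x) query, ROOTDSE_B is a trimmed excerpt of the other output.
ROOTDSE_A='# requesting: supportedSASLMechanisms
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5'
ROOTDSE_B='dn:
supportedSASLMechanisms: SCRAM-SHA-1
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: EXTERNAL'

check_bind EXTERNAL "$ROOTDSE_A"   # not-offered
check_bind EXTERNAL "$ROOTDSE_B"   # offered
```

OpenLDAP's slapd lists EXTERNAL in the rootDSE only on connections that already carry an external identity (ldapi://, or TLS with a client certificate), so run the query over the same kind of connection as the intended bind.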
