Bug#861212: nslcd: certificate authentication fails with Unknown authentication method: SASL(-4)

Makes sense to me! Thank you for all your work supporting debian ;) Matt > On May 6, 2017, at 11:17 AM, Arthur de Jong wrote: > >> On Thu, 2017-05-04 at 23:01 -0700, Matt Weatherford wrote: >> Update: I logged this bug further down the stack, as it was also >> affecting

Bug#861212: nslcd: certificate authentication fails with Unknown authentication method: SASL(-4)

On Thu, 2017-05-04 at 23:01 -0700, Matt Weatherford wrote: > Update:  I logged this bug further down the stack, as it was also  > affecting the "ldap-utils" package (ldapsearch and ldapwhoami also) > > I got some feedback that led us to determine that our LDAP server on  > CentOS was offering up

Bug#861212: nslcd: certificate authentication fails with Unknown authentication method: SASL(-4)

Update: I logged this bug further down the stack, as it was also affecting the "ldap-utils" package (ldapsearch and ldapwhoami also) I got some feedback that led us to determine that our LDAP server on CentOS was offering up a LOT of certificate options... scaling those back made the system

Bug#861212: nslcd: certificate authentication fails with Unknown authentication method: SASL(-4)

Arthur, Thanks for the tips I put several hours in to this problem today and am still stumped. Now I am simply trying to connect to our university's openLDAP server with PASSWORD auth, and that fails. It fails on Debian 8 and Debian 9 but works on a colleague's Debian 7 Raspberry PI. Here

Bug#861212: nslcd: certificate authentication fails with Unknown authentication method: SASL(-4)

On Thu, 2017-04-27 at 20:25 -0700, Matt Weatherford wrote: > Im sure you have many, many other projects going but I am motivated > to solve this problem - is there anything else I can try on my > side?  I've sent you nslcd debug info ...  anything else I can do? Sorry for not replying sooner.

Bug#861212: nslcd: certificate authentication fails with Unknown authentication method: SASL(-4)

Arthur, Im sure you have many, many other projects going but I am motivated to solve this problem - is there anything else I can try on my side? I've sent you nslcd debug info ... anything else I can do? do you know of anyone who has a working cert-based auth on debian 9? thanks, Matt

Bug#861212: nslcd: certificate authentication fails with Unknown authentication method: SASL(-4)

one other thought here I generated the certificate signing request (CSR) for the certs using openssl like this: openssl req -new -nodes -newkey rsa:4096 -keyout hostname.key -out hostname.csr I thought I read somewhere that openssl was no longer recommended for debian certs

Bug#861212: nslcd: certificate authentication fails with Unknown authentication method: SASL(-4)

Arthur, Thank you for your quick response - I really appreciate that Does running nslcd in debug mode provide more information? Heres the debug output: nslcd: [8b4567] DEBUG: connection from pid=9817 uid=0 gid=0 nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable

Bug#861212: nslcd: certificate authentication fails with Unknown authentication method: SASL(-4)

On Tue, 2017-04-25 at 16:53 -0700, Matt Weatherford wrote: > debian 7 install works fine with certificate auth. > Debian 9 install with same config files appears to not work and > throws these erros: > > Apr 25 16:41:08 nori nslcd[1376]: [52255a] failed to > bind to LDAP server

Bug#861212: nslcd: certificate authentication fails with Unknown authentication method: SASL(-4)

Package: nslcd Version: 0.9.7-2 Severity: important Dear Maintainer, debian 7 install works fine with certificate auth. Debian 9 install with same config files appears to not work and throws these erros: Apr 25 16:41:08 nori nslcd[1376]: [52255a] failed to bind to LDAP server