I tried ldapsearch, but it seems to fail quite basicly:
[root@langham ~]# ldapsearch -D "cn=admin" -w fidelio77 -b "fashioncontent.com" cn=hvendelbo SASL/EXTERNAL authentication started ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available: [root@langham ~]# ldapsearch -X -Y SASL/EXTERNAL authentication started ldap_sasl_interactive_bind_s: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available:
Date: Sun, 17 Sep 2006 09:53:11 -0600 From: Richard Megginson rmeggins@redhat.com
devel - Fashion Content wrote:
As I understand the message I need to configure some protocol on the server, but I have no idea where or how??
It looks like you're using the OpenLDAP version of ldapsearch and don't have SAASL auth set up on the server.
Yes, but how do I set up SASL auth. What doc describes it in less than 100 pages. Also, why shouldnt the OpenLDAP client be able to talk to Fedora DS ?
It is - see below
You can either pass the "-x" switch to ldapsearch to use plaintext auth, ot use the ldapsearch that comes with the directory server (probably in /opt/fedora-ds/shared/bin).
/usr/bin/ldapsearch -x -D "bind dn" -w bindpassword .....
ldapsearch by default will attempt a SASL bind, using the best mechanism available. To disable this behavior, and force the openldap command line tools to use SIMPLE binddn/password auth, you have to specify the -x argument.
By the way, I think it's a bug that your server advertised the SASL/EXTERNAL mechanism here; that mech should only be offered when there is actually an external security system in place (e.g. IPSEC or TLS). It appears this was a plain, unprotected connection. A mech shouldn't be listed in the supportedSASLmechanisms list if requesting it will in fact fail with "no mechanism available"...
389-users@lists.fedoraproject.org