From: Torsten Schlabach (no email)
Date: Mon Mar 12 2007 - 18:32:22 EDT
These two changes at least make the basics work, i.e. the ldapdb backend
works now without canon_user. Let's take the next step ...
Dan White schrieb:
> Right. The SASL/EXTERNAL was a copy and paste error, the
> command was supposed to end with '...u:dwhite'. The -U
> was unnecessary. This command does the same thing:
> ldapwhoami -Y EXTERNAL -X u:dwhite
> The contents of my /etc/ldap/ldap.conf file are:
> BASE dc=nodomain
> URI ldapi:///
> and I forgot to mention that I modified /etc/default/slapd
> like so, so that slapd listens on ldapi:
> SLAPD_SERVICES="ldap:/// ldapi:///"
> - Dan
> Howard Chu wrote:
>> Torsten Schlabach wrote:
>>> Hi Dan!
>>> Thank you for taking the time for that detailed writeup.
>>> I have taken a blank server with a fresh Debian Etch installation and
>>> installed the very same packages you did. I did not yet apply the
>>> patches as I wanted to make sure I get all that stuff right out of
>>> the box before I did into canonicalization.
>>> Here is where I got stuck:
>>> cyrus at Debian-pre40-64-minimal:~$ ldapwhoami -Y EXTERNAL \
>>> > -U gidNumber=8+uidNumber=104,cn=peercred,cn=external,cn=auth \
>>> > -X u:dwhite SASL/EXTERNAL
>>> SASL/EXTERNAL authentication started
>>> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>>> additional info: SASL(-4): no mechanism available:
>> The -U flag is not meaningful with SASL/EXTERNAL. The "SASL/EXTERNAL"
>> at the end of your command is erroneous. (In Dan's email it was merely
>> a mis-wrapped line of text output.)
>> The EXTERNAL mechanism is only valid when you use an LDAP session that
>> has an out-of-band mechanism for transmitting the client credentials
>> to the server. That usually means a client certificate for TLS or
>> IPSEC, or an ldapi:// session. You didn't specify any ldapi:// URI
>> here and you didn't show what's in your ldap.conf file so presumably
>> it's not using ldapi.
>>> I do have the modules installed (which I know is a common gotcha):
>>> cyrus at Debian-pre40-64-minimal:~$ dpkg --get-selections | grep sasl
>>> libsasl2 install
>>> libsasl2-2 install
>>> libsasl2-modules install
>>> libsasl2-modules-ldap install
>>> Any idea what I am missing?
>>> Do you have a 32 or 64 bit system?