
Re: kadmin: hdb_open: ldap_sasl_bind_s: Authentication method not supported



Howard Chu wrote:
> fandino wrote:
.....
>> # kadmin -l
>> kadmin> init FADESA.ES
>> kadmin: hdb_open: ldap_sasl_bind_s: Authentication method not supported
>> kadmin>
>>
>>  below, you can see as the openldap server is contacted
>> using the ldapi socket and the request is denied with the
>> following message:
>>
>> "SASL(-4): no mechanism available: "
....
>>  does anyone know why heimdal is trying to contact the openldap
>> server using an EXTERNAL mech and anonymous bind???

Hello Howard,

> That's just the way the Heimdal code is written. You didn't mention what 

hmmm then, I shouldn't see a sasl bind identity like this:

uidNumber=0\\\+gidNumber=.*,cn=peercred,cn=external,cn=auth

instead of

  ==> sasl_bind: dn="" mech=EXTERNAL datalen=0

>  OS you're running on. Your system needs to support some form of

sorry, I forgot it. It's a SuSE Enterprise Server 9 (SLES9). A relatively
common Linux distro.

> credential passing over Unix domain sockets in order for this to work. 
> The OpenLDAP code currently supports the original 4.3 BSD Unix domain 
> socket semantics, current Linux versions, AIX, and Solaris/SVR4.

is there anything special that needs to be done in cyrus-sasl to get this
working?

currently openldap (2.2.26) and heimdal (0.6.4) are linked with cyrus-sasl
2.1.18

cyrus-sasl-crammd5-2.1.18-33.1
cyrus-sasl-gssapi-2.1.18-33.1
cyrus-sasl-2.1.18-33.8
cyrus-sasl-digestmd5-2.1.18-33.1
cyrus-sasl-plain-2.1.18-33.1

Thank you.
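
The credential passing over Unix domain sockets discussed in this thread, as an added example that is not part of the original message and is not OpenLDAP or Heimdal code: on Linux the accepting side reads the peer's uid/gid with `SO_PEERCRED` and can build an identity in the form quoted above. The function names, and the `socketpair()` standing in for the ldapi socket, are assumptions made for the illustration.

```c
#define _GNU_SOURCE            /* exposes struct ucred on Linux */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: ask the kernel who is on the other end of a
 * connected AF_UNIX socket and format the identity in the form shown in
 * the message above. Returns 0 on success, -1 when no credentials are
 * available (bad fd, unsupported socket type, or uid/gid reported as -1),
 * in which case there is no identity for EXTERNAL to use. */
int peercred_identity(int fd, char *out, size_t outlen)
{
    struct ucred cred;
    socklen_t len = sizeof(cred);

    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0)
        return -1;
    if (len != sizeof(cred) || cred.uid == (uid_t)-1 || cred.gid == (gid_t)-1)
        return -1;

    int n = snprintf(out, outlen,
                     "uidNumber=%u+gidNumber=%u,cn=peercred,cn=external,cn=auth",
                     (unsigned)cred.uid, (unsigned)cred.gid);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Hypothetical demo: a socketpair plays the role of the ldapi socket, so
 * the "peer" is this same process and the identity carries our own ids. */
int demo_self_identity(char *out, size_t outlen)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    int rc = peercred_identity(sv[0], out, outlen);
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    char id[128];
    if (demo_self_identity(id, sizeof(id)) == 0)
        printf("peer identity: %s\n", id);
    else
        printf("no peer credentials available\n");
    return 0;
}
```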