Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

It is currently Thu Mar 30, 2023 6:44 pm

Discussions about openldap and commercial LDAP distributions, Active Directory, Sun DS and so on.

Author Message
  Post  Post subject: ldapsearch: ldap_sasl_interactive_bind_s: Unknown authentication method  |  Posted: Thu May 13, 2010 11:31 am

Joined: Thu Aug 06, 2009 2:48 am
Posts: 105


ldapsearch: ldap_sasl_interactive_bind_s: Unknown authentication method

Ldapsearch from OpenLDAP tools uses by default SASL authentication method. This can have incompatibility issues with SUN directory server, for example.

To use simple login method, use -x option:

ldapsearch - LDAP search tool

ldapsearch [-n] [-c] [-u] [-v] [-t[t]] [-T path] [-F prefix] [-A]
[-L[L[L]]] [-M[M]] [-S attribute] [-d debuglevel] [-f file] [-x]
[-D binddn] [-W] [-w passwd] [-y passwdfile] [-H ldapuri] [-h ldaphost]
[-p ldapport] [-b searchbase] [-s base|one|sub|children]
[-a never|always|search|find] [-P 2|3] [-e [!]ext[=extparam]]
[-E [!]ext[=extparam]] [-l timelimit] [-z sizelimit] [-O security-prop-
erties] [-I] [-Q] [-U authcid] [-R realm] [-X authzid] [-Y mech]
[-Z[Z]] filter [attrs...]

ldapsearch is a shell-accessible interface to the ldap_search_ext(3)
library call.

ldapsearch opens a connection to an LDAP server, binds, and performs a
search using specified parameters. The filter should conform to the
string representation for search filters as defined in RFC 4515. If
not provided, the default filter, (objectClass=*), is used.

If ldapsearch finds one or more entries, the attributes specified by
attrs are returned. If * is listed, all user attributes are returned.
If + is listed, all operational attributes are returned. If no attrs
are listed, all user attributes are returned. If only 1.1 is listed,
no attributes will be returned.

-n Show what would be done, but don't actually perform the search.
Useful for debugging in conjunction with -v.

-c Continuous operation mode. Errors are reported, but ldapsearch
will continue with searches. The default is to exit after
reporting an error. Only useful in conjunction with -f.

-u Include the User Friendly Name form of the Distinguished Name
(DN) in the output.

-v Run in verbose mode, with many diagnostics written to standard
-x Use simple authentication instead of SASL.

The following error can occur when using openldap tools (ldapsearch/ldapmodify/ldapdelete/ldapadd) with other than OpenLDAP DS:
# ldapsearch ...
SASL/EXTERNAL authentication started 
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)         
additional info: SASL(-4): no mechanism available:

Display posts from previous:  Sort by  
E-mail friendPrint view
Who is online
Users browsing this forum: No registered users and 0 guests
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
Jump to:  
cronNews News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list

Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]