Univention Bugzilla – Bug 53448
Whitelist EXTERNAL supportedSASLMechanisms in openldap
Last modified: 2024-01-03 17:48:28 CET
As long as notifier explicitly requests the EXTERNAL mechanism, ``` grep -n 'mechanism\[\]' src/notify.c 343: const char mechanism[] = "EXTERNAL"; ``` The EXTERNAL mechanism should be explicitly whitelisted in /etc/ldap/sasl2/slapd.conf. Make sure that the EXTERNAL mechanism is available with the command below: ``` ldapsearch -LLLx -H ldapi:// -b '' -s base supportedSASLMechanisms | grep EXTERNAL supportedSASLMechanisms: EXTERNAL ```
Our /etc/ldap/slapd.conf already conatins > access to * > by sockname="PATH=/var/run/slapd/ldapi" write which is enough for > ldapsearch -Y EXTERNAL -H ldapi:// to work. So what's missing? (In reply to Ferenc Géczi from comment #0) > ldapsearch -LLLx -H ldapi:// -b '' -s base supportedSASLMechanisms | grep > EXTERNAL > supportedSASLMechanisms: EXTERNAL > ``` It already does.
OK