ldap.conf simple auth

Question

I am trying to configure ldap.conf for openldap. I am trying to do simple authentication like you can do with the -x in the ldapsearch commad. We currently have a script that uses a complex ldapsearch command and we want to default many of the configuration settings in the ldap.conf file. We can't seem to find an alternative to -x.

Our config is currently set for URI and BASE which when we do an ldapsearch with the -x option works correctly. However we want any client applications that use the ldap.conf config file to use simple authentication and so we cannot rely on the -x all the time. Is there a way to specify this in ldap.conf file?

Currently when we run the command without the -x we get the following error:

ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
    additional info: SASL(-4): no mechanism available: No worthy mechs found

thanks,

Did you test out the SASL options in `ldap.conf`, especially `SASL_SECPROPS none`? — ridgy, Dec 29 '17 at 17:11
It doesnt not look like the script uses SASL options so I have not included any in the config file — jacksonecac, Dec 29 '17 at 17:16

score 1 · Answer 1 · answered Nov 09 '22 at 08:31

1

What got the desired behavior for me:

$ grep SASL_ /etc/openldap/ldap.conf
SASL_MECH      ANONYMOUS
SASL_SECPROPS  none

answered Nov 09 '22 at 08:31

azzid

938
2
9
24

SASL/ANONYMOUS authentication started ldap_sasl_interactive_bind_s: Authentication method not supported (7) additional info: SASL not supported – Alex Povolotsky Jun 19 '23 at 09:54
Worked for me with ds-389 server, but not with openldap… – azzid Jun 19 '23 at 13:03

ldap.conf simple auth

1 Answers1