Yu Joe wrote:
> Dear all
>
> I tried to make my FDS work with sasl(digest-md5)+SSL.
I can get
> correct result by "ldapsearch -Y digest-md5 -U
sasl1 ..." or
> "ldapsearch -x -D 'cn=Directory Manager' -W -H
> ldaps://rhds.example.com...".
> But I got the error message such as "*sasl
encryption not supported
> over ssl"*, when I execute command like
"ldapsearch -Y digest-md5 -U
> sasl1 -H ldaps://rhds.example.com ...". Some of my
friends tell me
> this works on openldap. So I suggest it must be also
working on FDS.
> Is that right? If so, what's the probably reason causes
this error? Or
> it just really don't support? Please helps, thanks a
lot.
No, it really doesn't work. But why are you wanting both SSL
and SASL
privacy ?
For the curious, the way the SSL I/O is layered in the
server is not
compatible with
the implementation of SASL encryption (they're both trying
to layer at
the same place
in the I/O stack). With sufficient motivation I suspect that
SASL over
SSL could be done,
but the question is why would anyone want to do that..
Perhaps all you need to do is to turn off SASL payload
encryption. SASL
authentication
with an SSL connection should work ok.
--
Fedora-directory-users mailing list
Fedora-directory-users redhat.com
https://www.redhat.com/mailman/listinfo/fedora-dir
ectory-users
|
