Thursday, 27 August 2009

Error "ldap_sasl_interactive_bind_s: Unknown authentication method (-6)" on a LDAPSearch command ...

Whilst building my mega Connections / Domino / Portal / Quickr / Sametime / WCM environment recently, I was using the LDAPSearch command that's available with many Unix installations, including Red Hat Enterprise Linux and Apple OSX.

This is a commonly-used command, and has a fairly simple syntax e.g.

ldapsearch -h hostname.domain.com cn=foobar

or: -

ldapsearch -h hostname.domain.com -b o=organisation cn=foobar

or: -

ldapsearch -h hostname.domain.com -b o=organisation -D cn=admin -w password cn=foobar

However, I kept seeing the error: -

SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available: 

After a quick Google search, it appears that that the LDAPSearch command that I was using is based upon the OpenLDAP product, which defaults to using an authentication mechanism called Simple Authentication and Security Layer (SASL).

Therefore, the LDAPSearch command was expecting to find a SASL-enabled server at the other end - given that I wasn't using OpenLDAP as a server ( I was actually using Domino LDAP ), the trick was to disable the SASL authentication on the client, using the -X switch e.g.

ldapsearch -x -h hostname.domain.com cn=foobar

or: -

ldapsearch -x -h hostname.domain.com -b o=organisation -D cn=admin -w password cn=foobar

Thanks to this blog post for the answer.

# posted by Dave Hay : 11:24
Comments: Post a Comment





<< Home

This page is powered by Blogger. Isn't yours?

Subscribe to Posts [Atom]