Dear list, I use Kerberos/GSSAPI for authentication, and I recently locked down my ldap servers with "require authc". With Kerberos tickets, I used to be able to just enter
ldapsearch on the command line. Now I have to do ldapsearch -Y GSSAPI I assume this is because ldapsearch has to do a nonauthenticated bind to find out about the SASL auth mechanisms (by looking for supportedSASLMechanisms), and that fails now. So it would be great if I had a way of setting the default SASL auth mechanism on a machine for all users. However, man ldap.conf tells me that the setting for SASL_MECH is a per user setting only. Is there any other way to achieve this, or am I doing the wrong thing by requiring authc? Thanks, Christian
