On 1/13/20 9:16 PM, Peter Sui wrote:
> I'm trying to test SASL EXTERNAL to an AD server, which says it supports
> EXTERNAL.
> The command I ran is:
> ldapwhoami -H ldap://example.com:389 -YEXTERNAL
> but it returned:
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available:
> What does this error message mean?

It means that SASL mechanism EXTERNAL cannot work in that context.

SASL/EXTERNAL uses whatever suitable authentication information is available at the transport layer: either the Unix peer credentials in case of ldapi:// or TLS client certs.

If you're not using one of the above, SASL/EXTERNAL cannot work.

Ciao, Michael.
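
The distinction drawn in the reply above, as an added example that is not part of the original thread: a pre-flight check that reports which transport-layer identity, if any, a SASL/EXTERNAL bind could use for a given URI. The function names are hypothetical, and it assumes the client certificate is configured through the OpenLDAP `LDAPTLS_CERT` and `LDAPTLS_KEY` environment variables (a `TLS_CERT`/`TLS_KEY` pair in a user `ldaprc` is not inspected).

```shell
#!/bin/sh
# Added example (hypothetical helper names): where would SASL/EXTERNAL
# get its identity from? Prints: peercred | tls-client-cert | none

sasl_external_source() {
    uri=$1                # LDAP URI as given to -H
    starttls=${2:-no}     # "yes" if StartTLS (-ZZ) will be requested
    case $uri in
        ldapi://*)
            # Unix domain socket: the server reads the peer's uid/gid
            echo peercred; return 0 ;;
        ldaps://*)
            tls=yes ;;
        ldap://*)
            tls=$starttls ;;   # plain ldap:// has TLS only after StartTLS
        *)
            echo none; return 1 ;;
    esac
    # TLS alone is not enough: a client certificate and key must be presented
    if [ "$tls" = yes ] && [ -r "${LDAPTLS_CERT:-}" ] && [ -r "${LDAPTLS_KEY:-}" ]; then
        echo tls-client-cert; return 0
    fi
    echo none; return 1
}

# Print the ldapwhoami invocation that fits the transport, or explain
# why EXTERNAL has nothing to work with.
external_bind_command() {
    uri=$1
    starttls=${2:-no}
    src=$(sasl_external_source "$uri" "$starttls") || {
        echo "no transport-layer credentials for $uri: SASL/EXTERNAL cannot work" >&2
        return 1
    }
    case "$src:$uri" in
        tls-client-cert:ldap://*) echo "ldapwhoami -H $uri -ZZ -Y EXTERNAL" ;;
        *)                        echo "ldapwhoami -H $uri -Y EXTERNAL" ;;
    esac
}

# The case from the question: plain ldap://, no StartTLS, no client cert.
external_bind_command "ldap://example.com:389" no || true
```

A `tls-client-cert` result only means the client has something to present; the server still has to trust the certificate and map it to an identity.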
