The LDAP server is hosted on Solaris. The client is CentOS. OpenLDAP/NSLCD/SSH authentication via LDAP work fine, but I am not able to use the ldapsearch commands to debug LDAP issues.
[root@tst-01 ~]# ldapsearch
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
[root@tst-01 ~]# cat /etc/openldap/ldap.conf
TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://ldap1.tst.domain.tld ldap://ldap2.tst.domain.tld
BASE dc=tst,dc=domain,dc=tld
[root@tst-01 ~]# ls -al /etc/openldap/cacerts
total 12
drwxr-xr-x. 2 root root 4096 Jun 6 10:31 .
drwxr-xr-x. 3 root root 4096 Jun 10 10:12 ..
-rw-r--r--. 1 root root 895 Jun 6 10:01 cacert.pem
lrwxrwxrwx. 1 root root 10 Jun 6 10:31 cf848aa4.0 -> cacert.pem
[root@tst-01 ~]#
I have tried authentication with a certificate via ldapsearch giving /etc/openldap/cacerts/cacert.pem as a parameter, but it didn't accept this certificate for authentication.
Best Answer
You may wish to turn off SASL and use simple authentication with the "-x" option. For example, a search to find a particular user
Will find "test-user" by