I'm trying to set up OpenLDAP authentication on a MySQL Commercial Server (5.7.21).

I've followed all the steps described on the MySQL website: https://dev.mysql.com/doc/refman/5.7/en/ldap-pluggable-authentication.html#ldap-pluggable-authentication-installation

But when I try to log in with an LDAP account, I have the following error in mysql-error.log:

[ERROR] Plugin authentication_ldap_sasl reported: 'Plug-in has failed to read the packet from client'

[ERROR] Plugin authentication_ldap_sasl reported: 'LDAP authentication failed or group retrieval failed:  LDAP error: Operations error'

What am I missing?

The OpenLDAP and MySQL servers are located in different VMs, but on the same LAN. Both VMs can communicate with each other, but I have no packets arriving at LDAP (verified with tcpdump).

Thank you in advance

Abel

1 Answer

I have recently been facing the same problem; after searching, I came to this:

Knowing that the plugin uses the Cyrus library for the SASL mechanism, and the only one supported is SCRAM-SHA-1, you have to check whether the cyrus-sasl-scram plugin is installed.

  • First

    I succeeded in connecting to the server by installing this package:

    $ sudo yum install cyrus-sasl-scram

  • Second

    Check also whether SCRAM-SHA-1 is activated in the LDAP server by using this command in the LDAP client:

    $ ldapsearch -LLL -x -b "" -s base '(objectclass=*)' supportedSASLMechanisms
    

Good luck

Thomas
Ghita
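
The two checks from the answer above, as an added shell example that is not part of the original post. The function names are hypothetical, the plugin directory `/usr/lib64/sasl2` and the `libscram.so*` file name are assumptions for a 64-bit RHEL/CentOS host, and the LDIF samples are constructed. The mechanism is matched exactly, so a server that only advertises `SCRAM-SHA-1-PLUS` or `SCRAM-SHA-256` is not reported as supporting `SCRAM-SHA-1`.

```shell
# Added example. Feed list_sasl_mechs / has_sasl_mech the LDIF printed by:
#   ldapsearch -LLL -x -b "" -s base '(objectclass=*)' supportedSASLMechanisms

# list_sasl_mechs: read LDIF on stdin, print each advertised mechanism,
# upper-cased, one per line.
list_sasl_mechs() {
    awk '
        function flush(   i, name, val) {
            if (!have) return
            have = 0
            i = index(cur, ":")
            if (i == 0) return
            name = tolower(substr(cur, 1, i - 1))
            val = substr(cur, i + 1)
            # Skip other attributes and base64 ("::") values.
            if (name != "supportedsaslmechanisms" || val ~ /^:/) return
            gsub(/^ +| +$/, "", val)
            if (val != "") print toupper(val)
        }
        { sub(/\r$/, "") }                       # tolerate CRLF input
        # LDIF folds long lines: a continuation starts with one space.
        /^ / { if (have) cur = cur substr($0, 2); next }
        { flush(); cur = $0; have = 1 }
        END { flush() }
    '
}

# has_sasl_mech MECH: exit 0 only if MECH is advertised as a whole value.
has_sasl_mech() {
    want=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    list_sasl_mechs | grep -Fxq -- "$want"
}

# scram_plugin_present [DIR]: exit 0 if a Cyrus SASL SCRAM plugin file exists
# in DIR (default path is an assumption, see the lead-in).
scram_plugin_present() {
    dir=${1:-/usr/lib64/sasl2}
    for f in "$dir"/libscram.so*; do
        [ -e "$f" ] && return 0
    done
    return 1
}

# Constructed sample LDIF (not real server output).
SAMPLE_OK='dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: SCRAM-SHA-1'
SAMPLE_MISSING='dn:
supportedSASLMechanisms: SCRAM-SHA-1-PLUS
supportedSASLMechanisms: PLAIN'
```

On a live host, pipe the `ldapsearch` command from the answer into `has_sasl_mech SCRAM-SHA-1` and run `scram_plugin_present` on the machine where the package was installed.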