Sasl mechanism always PLAIN with ldap

Francesco_Gatto · November 28, 2017, 11:14am

Hi, i’m using the version 3.9.3 of Openfire (but the problem is still in 4.1.6).
When i use Openfire with my user database the sasl mechanis is correct. I receive in the response this xml

<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>DIGEST-MD5</mechanism><mechanism>SCRAM-SHA-1</mechanism><mechanism>PLAIN</mechanism><mechanism>CRAM-MD5</mechanism></mechanisms>

When i switch to LDAP i have always Plain Sasl mechanism

<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms>

I tried to insert the system property “sasl.mechs” : DIGEST-MD5,SCRAM-SHA-1,PLAIN . but is not working, Plain is always the only and default mech.

So i tried to insert only “sasl.mechs” : DIGEST-MD5,SCRAM-SHA-1 but the respone is empty

<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism></mechanism></mechanisms>

Anyone have any idea about this?

speedy · November 28, 2017, 5:19pm

the query to ldap/ad is always plain, and is why its recommended to use ldaps.

authentication for users can take place based on what your ldap supports. for example, AD only supports a few sasl mechs. (gssapi, external, plain, ntlm, md5 ).