9.13. Using SASL with LDAP Clients

To use SASL with LDAP clients such as ldapsearch, pass the -Y SASL_mechanism option to the command. For example:
  • To use the GSSAPI SASL mechanism over the LDAP protocol:
    # ldapsearch -Y GSSAPI -U "dn:uid=user_name,ou=people,dc=example,dc=com" -R EXAMPLE.COM -H ldap://server.example.com -b "dc=example,dc=com"
  • To use the PLAIN SASL mechanism over the LDAPS protocol:
    # ldapsearch -Y PLAIN -D "uid=user_name,ou=people,dc=example,dc=com" -W -H ldaps://server.example.com -b "dc=example,dc=com"

Note

SASL proxy authorization is not supported in Directory Server. Therefore, Directory Server ignores any SASL authzid value supplied by the client.
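
The following pre-flight check is an added example, not part of the Directory Server documentation. It tests whether the server's root DSE advertises a mechanism in supportedSASLMechanisms and refuses PLAIN on anything other than ldaps://, since PLAIN sends the password unprotected inside the SASL exchange. The function names and the sample root DSE are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check before a SASL bind. Function names are hypothetical.

# Succeeds if the root DSE LDIF on stdin advertises mechanism $1.
sasl_offered() {
    awk -v m="$1" '
        tolower($1) == "supportedsaslmechanisms:" && toupper($2) == toupper(m) { found = 1 }
        END { exit(found ? 0 : 1) }'
}

# PLAIN carries the password unprotected inside the SASL exchange, so this
# check accepts it only over ldaps://, as in the PLAIN command above.
# (Assumption: deliberately strict; StartTLS on ldap:// is not considered.)
sasl_transport_ok() {
    [ "$1" != PLAIN ] && return 0
    case "$2" in ldaps://*) return 0 ;; *) return 1 ;; esac
}

# check_bind MECH URI   (root DSE LDIF on stdin)
# Returns 0 = ok, 1 = mechanism not advertised, 2 = unsafe transport.
check_bind() {
    mech=$1
    uri=$2
    if ! sasl_offered "$mech"; then
        echo "refuse: server does not advertise $mech"
        return 1
    fi
    if ! sasl_transport_ok "$mech" "$uri"; then
        echo "refuse: $mech requires ldaps://, got $uri"
        return 2
    fi
    echo "ok: -Y $mech -H $uri"
}

# Constructed sample of a root DSE reply, so the example runs offline.
SAMPLE_ROOTDSE='dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: PLAIN'

printf '%s\n' "$SAMPLE_ROOTDSE" | check_bind GSSAPI ldap://server.example.com
printf '%s\n' "$SAMPLE_ROOTDSE" | check_bind PLAIN ldap://server.example.com || true

# Live use (assumes anonymous read of the root DSE is allowed):
# ldapsearch -x -H ldaps://server.example.com -b "" -s base supportedSASLMechanisms |
#     check_bind PLAIN ldaps://server.example.com
```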