Issue

After upgrading BoKS Manager to 7.2 adsync may fail with the following error message:

BoKS # adsync
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-15): mechanism too weak for this user: Unable to find a callback: 32775
ldapsearch command failed at /opt/boksm/lib/perl/adsync.pl line 321.

The issue is caused by incorrect configuration for ldapsearch causing it to fail when being called by adsync. Running ldapsearch directly also fails with a similar error message:

BoKS # /opt/boksm/lib/ldapsearch  -Y GSSAPI -H
ldap://win2k12.ad.test.foxt.se -b dc=ad,dc=test,dc=foxt,dc=se "(cn=Administrator)" dn
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-15): mechanism too weak for this user: Unable to find a callback: 32775

Resolution / Workaround

The issue is caused by incorrect configuration for ldapsearch being restored with the database. The configuration is stored in the file $BOKS_etc/ldap.conf and the incorrect setting causing the issue is:

SASL_SECPROPS minssf=56,maxssf=128

Changing it back to the 7.2 default value will resolve the issue:

SASL_SECPROPS minssf=56,maxssf=256

Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: June 28, 2019