
Re: saslmech=EXTERNAL



I tried the following configuration:

chain-idassert-bind bindmethod=sasl
        saslmech=EXTERNAL
        binddn="cn=whatever"
        starttls=critical
        tls_cert=/etc/ldap/ssl/replicator-cert.pem
        tls_key=/etc/ldap/ssl/replicator-key.pem
        tls_cacert=/etc/ssl/certs/mgoc-cacert.pem
        tls_reqcert=demand
        mode=self
chain-idassert-authzFrom "*"

but when I run

$ ldappasswd -x -D 'uid=guest,ou=users,dc=server,dc=group' -wguest -stseug
Result: Authentication method not supported (7)

--
Greek Ordono
myppa: launchpad.net/~grexk/+archive/ppa

--- On Fri, 7/10/09, Gavin Henry <ghenry@suretecsystems.com> wrote:

From: Gavin Henry <ghenry@suretecsystems.com>
Subject: Re: saslmech=EXTERNAL
To: "Greek Ordono" <grexk@yahoo.com>
Cc: openldap-software@openldap.org
Date: Friday, July 10, 2009, 4:02 AM


> overlay chain
> chain-uri "ldaps://server.group"
> chain-rebind-as-user    TRUE
> chain-idassert-bind bindmethod=sasl
>         saslmech=EXTERNAL
>         binddn="cn=whatever"
>         tls_cert=/etc/ldap/ssl/replicator-cert.pem
>         tls_key=/etc/ldap/ssl/replicator-key.pem
>         tls_cacert=/etc/ssl/certs/mgoc-cacert.pem
>         tls_reqcert=demand
>         mode=self
> chain-idassert-authzFrom "*"
> chain-return-error         TRUE

Is slapd listening on ldaps? Why not starttls=yes/critical like below?

> [2]
> syncrepl rid=245
>         provider=ldap://server.group
>         type=refreshAndPersist
>         searchbase="dc=server,dc=group"
>         filter="(objectClass=*)"
>         scope=sub
>         schemachecking=off
>         bindmethod=sasl
>         saslmech=EXTERNAL
>         starttls=yes
>         tls_cert=/etc/ldap/ssl/replicator-cert.pem
>         tls_key=/etc/ldap/ssl/replicator-key.pem
>         tls_reqcert=allow
>         retry="10 20 60 +"
>         logbase="cn=accesslog"
>         logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
>         syncdata=accesslog
>
> --
> Greek Ordono
> myppa: launchpad.net/~grexk/+archive/ppa


--
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie,
Aberdeenshire, AB51 4FP.

Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html
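An added example, not part of either poster's message and not OpenLDAP code: a small lint over slapd.conf text that checks the TLS settings around SASL EXTERNAL binds in `chain-idassert-bind` and `syncrepl` directives like the ones in this thread. The function names and the sample are constructed, and pairing the `ldaps://` chain-uri with the `starttls=critical` bind line is an assumption, since the first configuration above does not show its chain-uri; the lint reports settings, it does not diagnose the `ldappasswd` error.

```python
import shlex
# Constructed sample built from directive values quoted in the thread; pairing
# the ldaps:// chain-uri with the starttls=critical bind line is an assumption.
SAMPLE = """\
chain-uri "ldaps://server.group"
chain-idassert-bind bindmethod=sasl saslmech=EXTERNAL starttls=critical
        tls_cert=/etc/ldap/ssl/replicator-cert.pem
        tls_key=/etc/ldap/ssl/replicator-key.pem tls_reqcert=demand
syncrepl rid=245 provider=ldap://server.group bindmethod=sasl
        saslmech=EXTERNAL starttls=yes tls_reqcert=allow
"""

def directives(text):
    """Join continuation lines (leading whitespace) and split into argv lists."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    return [shlex.split(entry) for entry in logical]

def lint(text):
    """Return (directive, finding) pairs for TLS-related bind settings."""
    findings, uri = [], ""
    for argv in directives(text):
        name = argv[0].lower()
        if name == "chain-uri" and len(argv) > 1:
            uri = argv[1]
        if name not in ("chain-idassert-bind", "syncrepl"):
            continue
        kv = dict(a.split("=", 1) for a in argv[1:] if "=" in a)
        target = kv.get("provider", uri).lower()
        starttls = kv.get("starttls", "").lower()
        external = kv.get("saslmech", "").upper() == "EXTERNAL"
        if target.startswith("ldaps://") and starttls:
            findings.append((name, "starttls set on ldaps:// (TLS already active)"))
        if target.startswith("ldap://") and external and not starttls:
            findings.append((name, "EXTERNAL over ldap:// without starttls"))
        if target.startswith("ldap://") and starttls and starttls != "critical":
            findings.append((name, "starttls is not critical"))
        if kv.get("tls_reqcert", "").lower() in ("never", "allow"):
            findings.append((name, "tls_reqcert does not enforce verification"))
    return findings

if __name__ == "__main__":
    print(*(f"{d}: {f}" for d, f in lint(SAMPLE)), sep="\n")
```

The chain stanza as quoted from the earlier message (`ldaps://`, no `starttls`, `tls_reqcert=demand`) produces no findings; the `syncrepl` stanza is reported for `starttls=yes` and `tls_reqcert=allow`.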