Re: saslmech=EXTERNAL





--On July 14, 2009 8:14:10 PM -0700 Greek Ordono <grexk@yahoo.com> wrote:

I tried the following configuration:

chain-idassert-bind bindmethod=sasl
        saslmech=EXTERNAL
        binddn="cn=whatever"
        starttls=critical
        tls_cert=/etc/ldap/ssl/replicator-cert.pem
        tls_key=/etc/ldap/ssl/replicator-key.pem
        tls_cacert=/etc/ssl/certs/mgoc-cacert.pem
        tls_reqcert=demand
        mode=self
chain-idassert-authzFrom "*"

but when I run

$ ldappasswd -x -D 'uid=guest,ou=users,dc=server,dc=group' -wguest -stseug
Result: Authentication method not supported (7)

I'm not clear what you are trying to do with this ldapsearch command. -x disables SASL entirely.

--Quanah


--
Greek Ordono
myppa: launchpad.net/~grexk/+archive/ppa

--- On Fri, 7/10/09, Gavin Henry <ghenry@suretecsystems.com> wrote:


From: Gavin Henry <ghenry@suretecsystems.com>
Subject: Re: saslmech=EXTERNAL
To: "Greek Ordono" <grexk@yahoo.com>
Cc: openldap-software@openldap.org
Date: Friday, July 10, 2009, 4:02 AM


overlay chain
chain-uri "ldaps://server.group"
chain-rebind-as-user    TRUE
chain-idassert-bind bindmethod=sasl
        saslmech=EXTERNAL
        binddn="cn=whatever"
        tls_cert=/etc/ldap/ssl/replicator-cert.pem
        tls_key=/etc/ldap/ssl/replicator-key.pem
        tls_cacert=/etc/ssl/certs/mgoc-cacert.pem
        tls_reqcert=demand
        mode=self
chain-idassert-authzFrom "*"
chain-return-error         TRUE

Is slapd listening on ldaps? Why not starttls=yes/critical like below?

[2]
syncrepl rid=245
        provider=ldap://server.group
        type=refreshAndPersist
        searchbase="dc=server,dc=group"
        filter="(objectClass=*)"
        scope=sub
        schemachecking=off
        bindmethod=sasl
        saslmech=EXTERNAL
        starttls=yes
        tls_cert=/etc/ldap/ssl/replicator-cert.pem
        tls_key=/etc/ldap/ssl/replicator-key.pem
        tls_reqcert=allow
        retry="10 20 60 +"
        logbase="cn=accesslog"
        logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
        syncdata=accesslog

--

Greek Ordono

myppa: launchpad.net/~grexk/+archive/ppa





- --
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/

Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie,
Aberdeenshire, AB51 4FP.

Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html






--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
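
Added example, not part of the thread and not OpenLDAP project code: a small Python check over the kind of slapd.conf stanzas quoted above, flagging saslmech=EXTERNAL binds that have no TLS layer, no client certificate, a non-critical starttls, or a permissive tls_reqcert. The function names are hypothetical, and the rules assume the slapd.conf(5) meanings of starttls and tls_reqcert.

```python
import shlex

def parse_directives(text):
    """Join slapd.conf continuation lines (leading whitespace) and tokenize."""
    joined = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.strip())
    return [shlex.split(d) for d in joined]

def audit_external_binds(text):
    """Return (directive, finding) pairs for saslmech=EXTERNAL bind settings."""
    findings, chain_uri = [], ""
    for tokens in parse_directives(text):
        name = tokens[0]
        if name == "chain-uri" and len(tokens) > 1:
            chain_uri = tokens[1]
        opts = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        if opts.get("saslmech", "").upper() != "EXTERNAL":
            continue
        uri = opts.get("provider", chain_uri)
        starttls = opts.get("starttls", "no")
        if not uri.startswith("ldaps://") and starttls not in ("yes", "critical"):
            findings.append((name, "no TLS layer, so no certificate identity for EXTERNAL"))
        if starttls == "yes":
            findings.append((name, "starttls=yes continues in clear text if StartTLS fails; use critical"))
        for key in ("tls_cert", "tls_key"):
            if key not in opts:
                findings.append((name, f"{key} missing: no client certificate to present"))
        reqcert = opts.get("tls_reqcert", "demand")
        if reqcert in ("never", "allow", "try"):
            findings.append((name, f"tls_reqcert={reqcert} does not require a valid server certificate"))
    return findings

# The syncrepl stanza quoted in the thread, trimmed to the bind-related options.
SYNCREPL = """\
syncrepl rid=245
        provider=ldap://server.group
        bindmethod=sasl
        saslmech=EXTERNAL
        starttls=yes
        tls_cert=/etc/ldap/ssl/replicator-cert.pem
        tls_key=/etc/ldap/ssl/replicator-key.pem
        tls_reqcert=allow
"""

if __name__ == "__main__":
    for directive, finding in audit_external_binds(SYNCREPL):
        print(f"{directive}: {finding}")
```
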