
Re: Certificate authentication and back-ldap proxy



On Tue, 28 Dec 2010 14:31:46 +0000,
Ubay Dorta Guerra <udorta@iac.es> wrote:

> Hi,
> 
> On 28/12/10 12:00, openldap-technical-request@OpenLDAP.org wrote:
> > Hi,
> > On Mon, 27 Dec 2010 15:15:21 +0000,
> > Ubay Dorta Guerra <udorta@iac.es> wrote:
> >
> >   
> >>      The simple bind under TLS worked, but when I try to use
> >> cert-based SASL EXTERNAL authentication I get no success.
> >>
> >>    In the proxy server configuration I add the following directive
> >>
> >> idassert-bind   bindmethod=sasl
> >>                 saslmech=EXTERNAL
> >>                 binddn="CN=proxy-server1.example.com,O=Internet
> >>     
> > the binddn should be empty or just don't configure a binddn.
> >
> >   
> 
>     Thank you very much.
> 
>     I have deleted the binddn in proxy configuration:
> 
> idassert-bind   bindmethod=sasl
>                 saslmech=EXTERNAL
>                 tls_cert=/etc/ssl/certs/proxy-server1.example.com.pem
>                 tls_key=/etc/ssl/private/proxy-server1.example.com.key
>                 tls_cacertdir=/etc/ssl/cacerts/
>                 tls_reqcert=demand
>                 mode=self
> 
>     Now when I make a password change:
> 
> ldapmodify -x -H ldaps://proxy-server1.example.com -f pass2_user.ldif
> -D 'uid=user_w_pass,ou=people,dc=example,dc=com' -W
> Enter LDAP Password:
> modifying entry "uid=user_w_pass,ou=people,dc=example,dc=com"

For password modification you should probably call the extended
operation modify password (RFC-3206), which is supported by
ldappasswd(5).

-Dieter

-- 
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E