On 03.10.2011 18:04, Dan White wrote:
> On 03/10/11 17:43 +0200, Andreas Rudat wrote:
>> On 03.10.2011 16:43, Dan White wrote:
>>> On 03/10/11 16:27 +0200, Andreas Rudat wrote:
>>>> *ldapmodify -Y EXTERNAL -H ldapi:///*
>>>> SASL/EXTERNAL authentication started
>>>> SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
>>>> SASL SSF: 0
>>>
>>> The output indicates that you successfully authenticated your connection
>>> to the server. ldapmodify is waiting for you to tell it something to do
>>> (from standard input).
>>
>> Ah ok, then I misunderstood the tutorial I read.
>> I'm trying to get sasl+tls running, but I still have some problems.
>>
>> ldapsearch -x -LLL -s base -b "" supportedSASLMechanisms
>> says
>> supportedSASLMechanisms: CRAM-MD5
>> supportedSASLMechanisms: DIGEST-MD5
>> supportedSASLMechanisms: NTLM
>>
>> so tls isn't allowed in my configuration?
>> I added tls on ldap.conf and /etc/default/slapd
>>
>> Debug says: TLS: can't connect: A TLS packet with unexpected length was received..
>
> What are the contents of your ldap.conf, and your /etc/default/slapd?
>
> What is your TLS configuration on the server? In particular, your
> TLSVerifyClient/olcTLSVerifyClient setting (which should be something other
> than the default).

What do you mean with TLS config? Of /etc/ssl? I worked with this tutorial for tls
https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html

ldap.conf
##########################################
#
host fs.foo.intern
# The distinguished name of the search base.
base dc=foo,dc=intern
# Another way to specify your LDAP server is to provide an
uri ldaps://127.0.0.1/
uri ldap://127.0.0.1/
rootbinddn cn=admin,dc=foo,dc=intern
ssl start_tls
ssl on
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ldap_cert.pem
tls_cacertdir /etc/ssl/certs
tls_cert
tls_key
sasl_secprops maxssf=0
#
############################################

default/slapd
############################################
#
SLAPD_CONF=
SLAPD_USER="openldap"
SLAPD_GROUP="openldap"
SLAPD_SERVICES="ldap:/// ldaps:///"
#
############################################

Thanks
Andreas
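
An added example, not part of the original thread or of any project's code: a small Python check for an nss_ldap/pam_ldap-style ldap.conf such as the one posted above (that file style is an assumption). It reports directives left without a value, an `ssl` directive set to different values, and an ldaps:// URI combined with `ssl start_tls`. The sample input is constructed from the directives quoted in the message, and the function names `parse` and `lint` are hypothetical.

```python
# Added example: lint an nss_ldap/pam_ldap-style ldap.conf (assumed file style).

# Constructed sample, built from the directives quoted in the message above.
SAMPLE = """\
base dc=foo,dc=intern
uri ldaps://127.0.0.1/
uri ldap://127.0.0.1/
ssl start_tls
ssl on
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ldap_cert.pem
tls_cert
tls_key
sasl_secprops maxssf=0
"""

def parse(text):
    """Return [(lineno, key, value)] for lines that are not blank or comments."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        entries.append((n, parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""))
    return entries

def lint(text):
    """Return sorted (lineno, message) findings for the three checks."""
    entries = parse(text)
    findings = [(n, f"{k}: directive has no value") for n, k, v in entries if not v]
    ssl = [(n, v.lower()) for n, k, v in entries if k == "ssl" and v]
    if len({v for _, v in ssl}) > 1:
        values = ", ".join(v for _, v in ssl)
        findings.append((ssl[-1][0], f"ssl: set to different values ({values})"))
    if any(v == "start_tls" for _, v in ssl):
        # StartTLS upgrades a plain ldap:// connection; ldaps:// is TLS from the start.
        for n, k, v in entries:
            if k == "uri" and "ldaps://" in v.lower():
                findings.append((n, "uri: ldaps:// combined with ssl start_tls"))
    return sorted(findings)

if __name__ == "__main__":
    for n, msg in lint(SAMPLE):
        print(f"line {n}: {msg}")
```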