Re: [OpenLDAP][Authentication] SASL
- To: Timothy Keith <timothy.g.keith@gmail.com>
- Subject: Re: [OpenLDAP][Authentication] SASL
- From: David Magda <dmagda@ee.ryerson.ca>
- Date: Sun, 31 Jan 2016 22:14:12 -0500
- Cc: openldap-technical@openldap.org
- In-reply-to: <CAGraDoFO2eHPfPW7kDiPC=JchxWfNyx+U6txBLxL4pZj6FnB_Q@mail.gmail.com>
- References: <CAGraDoF0w4dpTqs4nmL3x5-1UY+zTYAfrY8t+Zavkz2S9rNc9A@mail.gmail.com> <20160104191606.GC3692@dan.olp.net> <CAGraDoEOfU5p4TBuNBzjmJoTGA3cPw_0FQALJikNo+RFH4nuZg@mail.gmail.com> <E23D1B6612D098A7BB0E057C@192.168.1.9> <CAGraDoEtwh9ELSMatak4oarPvB4n8CNd1pZEFX57N2W+_Sf4Xw@mail.gmail.com> <CAGraDoGieaSmjqLJy_AZDLb71XoGRMYXqnhN245B7hq_LJoNjw@mail.gmail.com> <CAGraDoG0dj=LpoTWxLUWz1xUBQ8683GNvFSf48BTNkzUxpDZXg@mail.gmail.com> <CAGraDoHDJ_=uo3swgyna1evP7Z_nRQVi5dsG_hVb0SCPLOj6qw@mail.gmail.com> <20160108203428.GE3710@dan.olp.net> <CAGraDoHjmdv_3b-50GSZj7+fAHu5G6r4HnMF7hZt=vEHs5dsCw@mail.gmail.com> <20160121203127.GH3666@dan.olp.net> <DUB126-W296DD26EC509970DBC7C8ECCC40@phx.gbl> <CAGraDoFsCxwzRAzAYhR9waGLxpe-zoeTDnha0za=ozEAeEfXrw@mail.gmail.com> <DUB126-W957A963A373AE40CB94470CCC40@phx.gbl> <CAGraDoGxGkat-V5mNhZg6R45WoyrtVs5zDp4WhP-ZeVh15iKGw@mail.gmail.com> <800DD943824F8BB3D2E8CA8B@192.168.1.9> <DUB126-W533C4343A0B19C298FBDFECCC40@phx.gbl> <CAGraDoF=M1X2oqfU__vN_zTw+R68t+! _TMJQU7k6qpw9kSFTHow@mail.gmail.com> <CAGraDoFO2eHPfPW7kDiPC=JchxWfNyx+U6txBLxL4pZj6FnB_Q@mail.gmail.com>
Try editing your system-wide ldap.conf(5) file to have:
TLS_REQCERT never
“allow” should also work. Also make sure you have a valid setting for TLS_CACERT (and that the file actually exists and has some contents): if you tell LDAP software not to check validity, the cert path has to be there to be ignored.
> On Jan 27, 2016, at 15:18, Timothy Keith <timothy.g.keith@gmail.com> wrote:
>
> I am using this tutorial: Pass-Through authentication with SASL
> http://ltb-project.org/wiki/documentation/general/sasl_delegation
>
> Tim
>
> On Fri, Jan 22, 2016 at 2:38 PM, Timothy Keith
> <timothy.g.keith@gmail.com> wrote:
>> Can you recommend a pass-through tutorial?
>>
>> Tim
>>
>> On Fri, Jan 22, 2016 at 2:22 PM, Sergio NNX <sfhacker@hotmail.com> wrote:
>>>> I am new at LDAP, that is obvious I guess. But, I've been around Unix
>>>> for 30 years.
>>>
>>>>> The first attempt fails:
>>>>>
>>>>> ldapwhoami -v -ZZ -Y EXTERNAL
>>>>> ldap_initialize( <DEFAULT> )
>>>>> ldap_start_tls: Connect error (-11)
>>>>> additional info: TLS: hostname does not match CN in peer
>>>>> certificate
>>>>
>>>> Why do you expect this to work? You failed to supply -H with a valid
>>>> ldap:// URI.
>>>
>>> There seems to be a lack of knowledge and/or understanding of the basics
>>> here! There are dozens of good tutorials online about how to set up
>>> pass-through authentication using OpenLDAP. This issue shouldn't take more
>>> than a couple of days to fix and test. It is over a month now and it hasn't
>>> been fixed.
>>>
>>> Can you seek advice from a colleague in your office? Can you describe your
>>> configuration in more detail?
>>>
>>> Cheers.
>>>
>>> Ser.
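A check for the settings David's reply talks about, added here as an example and not part of the original thread: it reads an ldap.conf(5), flags TLS_REQCERT values that switch off server certificate verification (never, allow, try), and confirms that the TLS_CACERT file exists and is non-empty, as the reply says it must be even when checking is disabled. The sample configs, paths and CA file contents are constructed placeholders.

```shell
#!/bin/sh
# check_ldap_conf FILE: audit the TLS keywords in an ldap.conf(5).
# Returns 0 when TLS_REQCERT verifies the server (demand/hard, the default)
# and TLS_CACERT names an existing, non-empty file; returns 1 otherwise.
check_ldap_conf() {
    conf="$1"
    status=0
    # Keywords are case-insensitive and a later line overrides an earlier one,
    # so strip comments and keep the last value seen for each keyword.
    reqcert=$(sed 's/#.*//' "$conf" | awk 'toupper($1)=="TLS_REQCERT" {v=$2} END {print v}')
    cacert=$(sed 's/#.*//' "$conf" | awk 'toupper($1)=="TLS_CACERT" {v=$2} END {print v}')
    case "$(printf '%s' "${reqcert:-demand}" | tr 'A-Z' 'a-z')" in
        never) echo "WARN: TLS_REQCERT never: server certificate is never checked"; status=1 ;;
        allow) echo "WARN: TLS_REQCERT allow: a bad or missing certificate is accepted"; status=1 ;;
        try)   echo "WARN: TLS_REQCERT try: a missing certificate is accepted"; status=1 ;;
        demand|hard) echo "OK: TLS_REQCERT ${reqcert:-demand (default)} verifies the server certificate" ;;
        *)     echo "ERROR: unknown TLS_REQCERT value '$reqcert'"; status=1 ;;
    esac
    # Per the reply, the CA file must exist even when checking is off; with
    # demand it must also hold the issuing CA, so an empty file fails either way.
    if [ -z "$cacert" ]; then
        echo "WARN: TLS_CACERT not set"; status=1
    elif [ ! -s "$cacert" ]; then
        echo "ERROR: TLS_CACERT '$cacert' is missing or empty"; status=1
    else
        echo "OK: TLS_CACERT '$cacert' exists and is non-empty"
    fi
    return "$status"
}

# Demo on two constructed configs (paths and CA contents are placeholders).
tmp=$(mktemp -d)
printf 'placeholder CA bundle\n' > "$tmp/ca.pem"
# The workaround from the reply: gets past the CN mismatch but verifies nothing.
printf 'TLS_CACERT %s\nTLS_REQCERT never\n' "$tmp/ca.pem" > "$tmp/weak.conf"
# The setting to return to once the certificate's CN/SAN matches the -H URI.
printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$tmp/ca.pem" > "$tmp/strict.conf"
check_ldap_conf "$tmp/weak.conf" || true
check_ldap_conf "$tmp/strict.conf"
rm -rf "$tmp"
```

TLS_REQCERT never is useful for confirming that the CN mismatch is the only problem; once the certificate or the -H hostname is fixed, the check above should report OK with demand.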