I tried the following configuration:
chain-idassert-bind bindmethod=sasl
  saslmech=EXTERNAL
  binddn="cn=whatever"
  starttls=critical
  tls_cert=/etc/ldap/ssl/replicator-cert.pem
  tls_key=/etc/ldap/ssl/replicator-key.pem
  tls_cacert=/etc/ssl/certs/mgoc-cacert.pem
  tls_reqcert=demand
  mode=self
chain-idassert-authzFrom "*"
but when I run
$ ldappasswd -x -D 'uid=guest,ou=users,dc=server,dc=group' -wguest -stseug
Result: Authentication method not supported (7)
--
Greek Ordono
myppa: launchpad.net/~grexk/+archive/ppa
--- On Fri, 7/10/09, Gavin Henry ghenry@suretecsystems.com wrote:
From: Gavin Henry ghenry@suretecsystems.com
Subject: Re: saslmech=EXTERNAL
To: "Greek Ordono" grexk@yahoo.com
Cc: openldap-software@openldap.org
Date: Friday, July 10, 2009, 4:02 AM
overlay chain
chain-uri "ldaps://server.group"
chain-rebind-as-user TRUE
chain-idassert-bind bindmethod=sasl
  saslmech=EXTERNAL
  binddn="cn=whatever"
  tls_cert=/etc/ldap/ssl/replicator-cert.pem
  tls_key=/etc/ldap/ssl/replicator-key.pem
  tls_cacert=/etc/ssl/certs/mgoc-cacert.pem
  tls_reqcert=demand
  mode=self
chain-idassert-authzFrom "*"
chain-return-error TRUE
Is slapd listening on ldaps? Why not starttls=yes/critical like below?
[2]
syncrepl rid=245
  provider=ldap://server.group
  type=refreshAndPersist
  searchbase="dc=server,dc=group"
  filter="(objectClass=*)"
  scope=sub
  schemachecking=off
  bindmethod=sasl
  saslmech=EXTERNAL
  starttls=yes
  tls_cert=/etc/ldap/ssl/replicator-cert.pem
  tls_key=/etc/ldap/ssl/replicator-key.pem
  tls_reqcert=allow
  retry="10 20 60 +"
  logbase="cn=accesslog"
  logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
  syncdata=accesslog
--
Greek Ordono
myppa: launchpad.net/~grexk/+archive/ppa
--
Kind Regards,
Gavin Henry. Managing Director.
T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry@suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
Suretec Systems is a limited company registered in Scotland. Registered number: SC258005. Registered office: 13 Whiteley Well Place, Inverurie, Aberdeenshire, AB51 4FP.
Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html