Am 03.10.2011 18:04, schrieb Dan White:
On 03/10/11 17:43 +0200, Andreas Rudat wrote:
Am 03.10.2011 16:43, schrieb Dan White:
On 03/10/11 16:27 +0200, Andreas Rudat wrote:
*ldapmodify -Y EXTERNAL -H ldapi:///*
SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0
The output indicates that you successfully authenticated your connection to the server. ldapmodify is waiting for you to tell it something to do (from standard input).
Ah ok, then I missunderstood the tutorial I read.
I'm trying to get sasl+tls running, but I have still some problems. ldapsearch -x -LLL -s base -b "" supportedSASLMechanisms
says supportedSASLMechanisms: CRAM-MD5 supportedSASLMechanisms: DIGEST-MD5 supportedSASLMechanisms: NTLM
so tls issn't allowed in my configuration? I added tls on ldap.conf and /etc/default/slapd
Debug says: TLS: can't connect: A TLS packet with unexpected length was received..
What are the contents of your ldap.conf, and your /etc/default/slapd?
What is your TLS configuration on the server? In particular, your TLSVerifyClient/olcTLSVerifyClient setting (which should be something other than the default).
What do you mena with TLS config? of /etc/ssl? I worked with this tutorial for tls https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
ldap.conf ########################################## # host fs.foo.intern
# The distinguished name of the search base. base dc=foo,dc=intern
# Another way to specify your LDAP server is to provide an uri ldaps://127.0.0.1/ uri ldap://127.0.0.1/ rootbinddn cn=admin,dc=foo,dc=intern
ssl start_tls ssl on
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ldap_cert.pem tls_cacertdir /etc/ssl/certs
tls_cert tls_key
sasl_secprops maxssf=0 # ############################################
default/slapd ############################################ # SLAPD_CONF=
SLAPD_USER="openldap" SLAPD_GROUP="openldap"
SLAPD_SERVICES="ldap:/// ldaps:///" # ############################################
Thanks Andreas