Can you explain the intentions for " olcRemoteAuthTLS: starttls=yes tls_reqcert=never"? Starting TLS without a certificate? Do you expect encryption then?
Kind regards, Ulrich Windl
-----Original Message----- From: Dino Edwards dino.edwards@mydirectmail.net Sent: Wednesday, February 12, 2025 12:39 PM To: 'Quanah Gibson-Mount' quanah@fast-mail.org; openldap- technical@openldap.org Subject: [EXT] RE: OpenLDAP Pass-through Authentication
But here's an example for cn-config, you'd probably have to adjust for
your own environment.
dn: olcOverlay={6}remoteauth,olcDatabase={2}mdb,cn=config objectClass: olcOverlayConfig objectClass: olcRemoteAuthCfg olcOverlay: {6}remoteauth olcRemoteAuthTLS: starttls=yes tls_reqcert=never olcRemoteAuthMapping: default ldaps://ad.example.com:636 olcRemoteAuthDNAttribute: seeAlso olcRemoteAuthDomainAttribute: maildrop olcRemoteAuthDefaultDomain: default olcRemoteAuthDefaultRealm: ldaps://ad.example.com:636 olcRemoteAuthStore: FALSE olcRemoteAuthRetryCount: 3
I tried loading the example below as a remoteauth.ldif file but I got the following errors. Guessing the DN is wrong here?
67ac865a.098ae3bb 0x7eff0a2166c0 connection_input: conn=1005 deferring operation: binding 67ac865a.098c174e 0x7eff0aa176c0 conn=1005 op=1 ADD dn="olcOverlay={6}remoteauth,olcDatabase={2}mdb,cn=config" 67ac865a.098cea57 0x7eff0aa176c0 conn=1005 op=1 RESULT tag=105 err=21 qtime=0.000066 etime=0.000133 text=objectClass: value #1 invalid per syntax ldap_add: Invalid syntax (21) additional info: objectClass: value #1 invalid per syntax 67ac865a.098d6d29 0x7eff0a2166c0 conn=1005 op=2 UNBIND adding new entry "olcOverlay={6}remoteauth,olcDatabase={2}mdb,cn=config"
Thanks