On Tue, 28 Dec 2010 14:31:46 +0000, Ubay Dorta Guerra udorta@iac.es wrote:
Hi,
On 28/12/10 12:00, openldap-technical-request@OpenLDAP.org wrote:
Hi,
On Mon, 27 Dec 2010 15:15:21 +0000, Ubay Dorta Guerra udorta@iac.es wrote:
The simple bind under TLS worked, but when I try to use
cert-based SASL EXTERNAL authentication I get no success.
In the proxy server configuration I added the following directive:
idassert-bind bindmethod=sasl saslmech=EXTERNAL binddn="CN=proxy-server1.example.com,O=Internet
The binddn should be empty, or just don't configure a binddn.
Thank you very much. I have deleted the binddn in proxy configuration:
idassert-bind bindmethod=sasl saslmech=EXTERNAL tls_cert=/etc/ssl/certs/proxy-server1.example.com.pem tls_key=/etc/ssl/private/proxy-server1.example.com.key tls_cacertdir=/etc/ssl/cacerts/ tls_reqcert=demand mode=self
Now when I make a password change:
ldapmodify -x -H ldaps://proxy-server1.example.com -f pass2_user.ldif -D 'uid=user_w_pass,ou=people,dc=example,dc=com' -W
Enter LDAP Password:
modifying entry "uid=user_w_pass,ou=people,dc=example,dc=com"
For password modification you should probably call the extended operation modify password (RFC-3206), which is supported by ldappasswd(5).
-Dieter
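
The check discussed in this thread, as an added example that is not part of the original messages or of OpenLDAP: a small slapd.conf linter that flags an idassert-bind directive combining saslmech=EXTERNAL with a binddn. The sample configuration and the placeholder DN are constructed; the missing-certificate and tls_reqcert findings assume the TLS parameters are given on the directive itself, as they are in the thread.

```python
import shlex

# Constructed sample: the first directive still carries a binddn (placeholder DN),
# the second is the corrected form quoted in the thread.
SAMPLE = '''\
# proxy database (constructed)
idassert-bind bindmethod=sasl saslmech=EXTERNAL
  binddn="cn=placeholder,dc=example,dc=com"
  tls_cert=/etc/ssl/certs/proxy-server1.example.com.pem
  tls_key=/etc/ssl/private/proxy-server1.example.com.key
  tls_reqcert=never mode=self
idassert-bind bindmethod=sasl saslmech=EXTERNAL tls_cert=/etc/ssl/certs/proxy-server1.example.com.pem tls_key=/etc/ssl/private/proxy-server1.example.com.key tls_cacertdir=/etc/ssl/cacerts/ tls_reqcert=demand mode=self
'''

def parse_idassert_bind(conf_text):
    """Return one dict of key=value parameters per idassert-bind directive."""
    logical = []
    for raw in conf_text.splitlines():
        if not raw.strip():
            continue
        # slapd.conf: a line starting with whitespace continues the previous line.
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    directives = []
    for line in logical:
        if line.startswith("#"):          # comments are dropped after unwrapping
            continue
        tokens = shlex.split(line)        # honours the quotes around DN values
        if tokens and tokens[0].lower() == "idassert-bind":
            pairs = (tok.partition("=") for tok in tokens[1:])
            directives.append({k.lower(): v for k, _, v in pairs})
    return directives

def check_external(params):
    """Findings for one directive; empty when it is not a SASL EXTERNAL bind."""
    if (params.get("bindmethod", "").lower() != "sasl"
            or params.get("saslmech", "").upper() != "EXTERNAL"):
        return []
    findings = []
    if params.get("binddn"):
        findings.append("binddn set with saslmech=EXTERNAL (thread advice: leave it empty or unset)")
    for key in ("tls_cert", "tls_key"):
        if not params.get(key):
            findings.append(key + " not set on the directive; cert-based EXTERNAL needs a client certificate")
    if params.get("tls_reqcert", "").lower() in ("never", "allow"):
        findings.append("tls_reqcert does not enforce verification of the backend server certificate")
    return findings

if __name__ == "__main__":
    for number, params in enumerate(parse_idassert_bind(SAMPLE), 1):
        print(number, check_external(params) or "ok")
```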