--On Monday, April 11, 2022 7:23 PM +0000 Dean Lewis deanlewis@nexus-people.com wrote:
> If I had a choice, I wouldn't be using this version at all. As with most packages, I'd run the very latest. But I don't have a choice here so this question is about getting pass-through auth working with OpenLDAP 2.4 and AD.
> If that's possible, what am I missing in the configuration?
No idea. Remoteauth was written because of a number of issues around using SASL passthrough.
If your OpenLDAP servers are running RedHat (or derivatives), Debian, or Ubuntu, there are freely available options that allow you to be using current releases of OpenLDAP, such as the LTB project and the builds from Symas.
Regards, Quanah
Hello,
I confirm remoteauth is a good alternative to sasl delegation, but is there a way to configure timeouts in the overlay?
Regards,
David
On 11/04/2022 at 20:36, Quanah Gibson-Mount wrote:
> --On Monday, April 11, 2022 7:23 PM +0000 Dean Lewis deanlewis@nexus-people.com wrote:
> > If I had a choice, I wouldn't be using this version at all. As with most packages, I'd run the very latest. But I don't have a choice here so this question is about getting pass-through auth working with OpenLDAP 2.4 and AD.
> > If that's possible, what am I missing in the configuration?
> No idea. Remoteauth was written because of a number of issues around using SASL passthrough.
> If your OpenLDAP servers are running RedHat (or derivatives), Debian, or Ubuntu, there are freely available options that allow you to be using current releases of OpenLDAP, such as the LTB project and the builds from Symas.
> Regards, Quanah
--On Tuesday, April 19, 2022 4:32 PM +0200 David Coutadeur david.coutadeur@gmail.com wrote:
> Hello,
> I confirm remoteauth is a good alternative to sasl delegation, but is there a way to configure timeouts in the overlay?
Hi David,
Not exactly sure what timeouts you are needing. Can you expand on exactly what the issue is you're encountering? It would likely be a feature request issue ticket.
Regards, Quanah
On 19/04/2022 at 17:53, Quanah Gibson-Mount wrote:
> --On Tuesday, April 19, 2022 4:32 PM +0200 David Coutadeur david.coutadeur@gmail.com wrote:
> > Hello,
> > I confirm remoteauth is a good alternative to sasl delegation, but is there a way to configure timeouts in the overlay?
> Hi David,
> Not exactly sure what timeouts you are needing. Can you expand on exactly what the issue is you're encountering? It would likely be a feature request issue ticket.
Hi Quanah,
For example, if I define a remoteauth_mapping with a file containing a list of hostnames, the first one is checked first.
After "remoteauth_retry_count" * "connect_timeout" seconds (210s on my system), remoteauth tests the second server in the list.
In some circumstances, it could be nice to set the connect timeout lower (or higher).
Regards,
David
> Regards, Quanah
--On Tuesday, April 19, 2022 7:23 PM +0200 David Coutadeur david.coutadeur@gmail.com wrote:
> Hi Quanah,
> For example, if I define a remoteauth_mapping with a file containing a list of hostnames, the first one is checked first.
> After "remoteauth_retry_count" * "connect_timeout" seconds (210s on my system), remoteauth tests the second server in the list.
> In some circumstances, it could be nice to set the connect timeout lower (or higher).
Hi David,
Makes sense. I'd suggest filing a feature request on this for the remoteauth overlay.
Regards, Quanah
openldap-technical@openldap.org
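
Added example, not part of the thread and not OpenLDAP project code: a pre-flight check that walks a remoteauth_mapping host list in order and estimates how long a bind would stall before reaching the first reachable server, using the retry_count * connect_timeout delay described in the thread. The function names, the one-hostname-per-line file format, port 389, and the sample hosts and values are assumptions made for the illustration.

```python
import socket

def parse_host_list(text):
    """Return hostnames from a remoteauth_mapping list file.

    Assumption: one hostname per line, blank lines ignored.
    """
    return [line.strip() for line in text.splitlines() if line.strip()]

def tcp_probe(host, port=389, timeout=3.0):
    """True if a TCP connection to host:port opens within `timeout` seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, DNS failure, or timed out
        return False

def failover_report(hosts, retry_count, connect_timeout, probe=tcp_probe):
    """Walk the list in order, as the thread describes the overlay doing.

    Every unreachable host ahead of the first reachable one costs
    retry_count * connect_timeout seconds before the next host is tried.
    Returns (first_reachable_host_or_None, seconds_waited, unreachable_hosts).
    """
    waited = 0.0
    dead = []
    for host in hosts:
        if probe(host):
            return host, waited, dead
        dead.append(host)
        waited += retry_count * connect_timeout
    return None, waited, dead

# Constructed sample list file (hypothetical hostnames).
SAMPLE_LIST = "dc1.example.com\n\ndc2.example.com\ndc3.example.com\n"
# Constructed values whose product equals the 210 s reported in the thread.
RETRY_COUNT = 3
CONNECT_TIMEOUT = 70

if __name__ == "__main__":
    hosts = parse_host_list(SAMPLE_LIST)
    # Simulated outage of the first server; pass probe=tcp_probe to test real hosts.
    dc1_down = lambda host: host != "dc1.example.com"
    first, waited, dead = failover_report(hosts, RETRY_COUNT, CONNECT_TIMEOUT, dc1_down)
    print(f"first reachable: {first}, delay before it: {waited:.0f}s, unreachable: {dead}")
```

Run from monitoring against the real list file with the default `tcp_probe`, this flags a dead first entry before users hit the multi-minute bind delay.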