Hi,
On 28/12/10 12:00, openldap-technical-request@OpenLDAP.org wrote:
Hi, On Mon, 27 Dec 2010 15:15:21 +0000 Ubay Dorta Guerra udorta@iac.es wrote:
The simple bind under TLS worked, but when I try to use cert-based
SASL EXTERNAL authentication I get no success.
In the proxy server configuration I add the following directive:
idassert-bind bindmethod=sasl saslmech=EXTERNAL binddn="CN=proxy-server1.example.com,O=Internet
The binddn should be empty, or just don't configure a binddn.
Thank you very much.
I have deleted the binddn in the proxy configuration:
idassert-bind bindmethod=sasl saslmech=EXTERNAL tls_cert=/etc/ssl/certs/proxy-server1.example.com.pem tls_key=/etc/ssl/private/proxy-server1.example.com.key tls_cacertdir=/etc/ssl/cacerts/ tls_reqcert=demand mode=self
Now when I make a password change:
ldapmodify -x -H ldaps://proxy-server1.example.com -f pass2_user.ldif -D 'uid=user_w_pass,ou=people,dc=example,dc=com' -W
Enter LDAP Password:
modifying entry "uid=user_w_pass,ou=people,dc=example,dc=com"
I get the following messages in syslog:
ldap-proxy[16709]: conn=1054 fd=8 TLS established tls_ssf=256 ssf=256
ldap-proxy[16709]: conn=1054 op=0 BIND dn="uid=user_w_pass,ou=people,dc=example,dc=com" method=128
ldap-master[16879]: conn=1022 fd=20 TLS established tls_ssf=256 ssf=256
ldap-master[16879]: conn=1022 op=0 BIND dn="uid=user_w_pass,ou=people,dc=example,dc=com" method=128
ldap-master[16879]: conn=1022 op=0 BIND dn="uid=user_w_pass,ou=people,dc=example,dc=com" mech=SIMPLE ssf=0
ldap-master[16879]: conn=1022 op=0 RESULT tag=97 err=0 text=
ldap-proxy[16709]: conn=1054 op=0 BIND dn="uid=user_w_pass,ou=people,dc=example,dc=com" mech=SIMPLE ssf=0
ldap-proxy[16709]: conn=1054 op=0 RESULT tag=97 err=0 text=
ldap-proxy[16709]: conn=1054 op=1 MOD dn="uid=user_w_pass,ou=people,dc=example,dc=com"
ldap-proxy[16709]: conn=1054 op=1 MOD attr=userPassword
ldap-master[16879]: conn=1002 op=7 PROXYAUTHZ dn="uid=user_w_pass,ou=people,dc=example,dc=com"
ldap-master[16879]: conn=1002 op=7 MOD dn="uid=user_w_pass,ou=people,dc=example,dc=com"
ldap-master[16879]: conn=1002 op=7 MOD attr=userPassword
ldap-master[16879]: conn=1002 op=7 RESULT tag=103 err=0 text=
ldap-proxy[16709]: conn=1054 op=1 RESULT tag=103 err=0 text=
ldap-proxy[16709]: conn=1054 op=2 UNBIND
ldap-proxy[16709]: conn=1054 fd=8 closed
Regards.
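The syslog excerpt above does not by itself show whether the proxy's own connection to the master (conn=1002, the one carrying PROXYAUTHZ) was bound with SASL EXTERNAL: the SIMPLE bind on conn=1022 is the user's password check that back-ldap forwards separately, and conn=1002's BIND line falls before the excerpt. The script below is an added example, not code from the thread; it folds slapd log lines into one record per connection and reports any connection that asserted an identity without an EXTERNAL bind or without TLS. The sample input is constructed from the posted lines plus two constructed connections (conn=1002's own TLS/BIND lines, and a deliberately weak conn=1003 to exercise the check); the proxy's bind DN in them is a placeholder.

```python
"""Audit slapd syslog lines: did every connection that used proxy
authorization (PROXYAUTHZ, i.e. back-ldap idassert) bind with SASL
EXTERNAL over TLS?  Added example; stdlib only."""
import re
from collections import defaultdict

# Constructed sample: the thread's lines plus constructed conn=1002 setup
# lines and a constructed weak conn=1003 (placeholder proxy DN).
SAMPLE_LOG = """\
ldap-master[16879]: conn=1002 fd=12 TLS established tls_ssf=256 ssf=256
ldap-master[16879]: conn=1002 op=0 BIND dn="cn=proxy-server1.example.com,ou=proxies,dc=example,dc=com" mech=EXTERNAL ssf=0
ldap-proxy[16709]: conn=1054 fd=8 TLS established tls_ssf=256 ssf=256
ldap-proxy[16709]: conn=1054 op=0 BIND dn="uid=user_w_pass,ou=people,dc=example,dc=com" method=128
ldap-master[16879]: conn=1022 fd=20 TLS established tls_ssf=256 ssf=256
ldap-master[16879]: conn=1022 op=0 BIND dn="uid=user_w_pass,ou=people,dc=example,dc=com" method=128
ldap-master[16879]: conn=1022 op=0 BIND dn="uid=user_w_pass,ou=people,dc=example,dc=com" mech=SIMPLE ssf=0
ldap-master[16879]: conn=1022 op=0 RESULT tag=97 err=0 text=
ldap-proxy[16709]: conn=1054 op=0 BIND dn="uid=user_w_pass,ou=people,dc=example,dc=com" mech=SIMPLE ssf=0
ldap-proxy[16709]: conn=1054 op=0 RESULT tag=97 err=0 text=
ldap-proxy[16709]: conn=1054 op=1 MOD dn="uid=user_w_pass,ou=people,dc=example,dc=com"
ldap-proxy[16709]: conn=1054 op=1 MOD attr=userPassword
ldap-master[16879]: conn=1002 op=7 PROXYAUTHZ dn="uid=user_w_pass,ou=people,dc=example,dc=com"
ldap-master[16879]: conn=1002 op=7 MOD dn="uid=user_w_pass,ou=people,dc=example,dc=com"
ldap-master[16879]: conn=1002 op=7 MOD attr=userPassword
ldap-master[16879]: conn=1002 op=7 RESULT tag=103 err=0 text=
ldap-proxy[16709]: conn=1054 op=1 RESULT tag=103 err=0 text=
ldap-master[16879]: conn=1003 op=0 BIND dn="cn=proxy-server1.example.com,ou=proxies,dc=example,dc=com" mech=SIMPLE ssf=0
ldap-master[16879]: conn=1003 op=1 PROXYAUTHZ dn="uid=other,ou=people,dc=example,dc=com"
"""

LINE_RE = re.compile(r'^(?P<prog>[\w.-]+)\[\d+\]: conn=(?P<conn>\d+) (?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')   # key=value, quoted values may contain '='


def parse_line(line):
    """Split one slapd line into (program, conn number, remainder);
    None for lines that are not per-connection."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("prog"), int(m.group("conn")), m.group("rest")


def summarize(lines):
    """Fold the log into one record per (program, conn)."""
    conns = defaultdict(lambda: {"tls_ssf": 0, "mech": None, "sasl_ssf": None,
                                 "proxyauthz": False, "mod_attrs": []})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        prog, conn, rest = parsed
        rec = conns[(prog, conn)]
        tokens = rest.split()
        kv = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
        if "TLS" in tokens and "established" in tokens:
            rec["tls_ssf"] = int(kv.get("tls_ssf", "0"))
        elif "BIND" in tokens and "mech" in kv:
            # slapd logs the mechanism on the second BIND line; the ssf here is
            # the SASL layer's and is independent of the TLS ssf above
            rec["mech"] = kv["mech"]
            rec["sasl_ssf"] = int(kv.get("ssf", "0"))
        elif "PROXYAUTHZ" in tokens:
            rec["proxyauthz"] = True
        elif "MOD" in tokens and "attr" in kv:
            rec["mod_attrs"].append(kv["attr"])
    return dict(conns)


def audit(conns):
    """Findings for connections that carried PROXYAUTHZ without a SASL
    EXTERNAL bind or without TLS."""
    findings = []
    for (prog, conn), rec in sorted(conns.items()):
        if not rec["proxyauthz"]:
            continue
        if rec["mech"] != "EXTERNAL":
            findings.append((prog, conn, f"idassert bind mech={rec['mech']}, expected EXTERNAL"))
        if rec["tls_ssf"] == 0:
            findings.append((prog, conn, "no TLS established on idassert connection"))
    return findings


if __name__ == "__main__":
    for prog, conn, why in audit(summarize(SAMPLE_LOG.splitlines())):
        print(f"{prog} conn={conn}: {why}")
```

Feed it the master's whole log rather than a window around one operation: the idassert connection is long-lived, so its TLS and BIND lines can be thousands of lines before the PROXYAUTHZ that uses it, and a record with `mech` still `None` usually means the window started too late rather than that no bind happened.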
On Tue, 28 Dec 2010 14:31:46 +0000 Ubay Dorta Guerra udorta@iac.es wrote:
Hi,
On 28/12/10 12:00, openldap-technical-request@OpenLDAP.org wrote:
Hi, On Mon, 27 Dec 2010 15:15:21 +0000 Ubay Dorta Guerra udorta@iac.es wrote:
The simple bind under TLS worked, but when I try to use
cert-based SASL EXTERNAL authentication I get no success.
In the proxy server configuration I add the following directive:
idassert-bind bindmethod=sasl saslmech=EXTERNAL binddn="CN=proxy-server1.example.com,O=Internet
The binddn should be empty, or just don't configure a binddn.
Thank you very much. I have deleted the binddn in the proxy configuration:
idassert-bind bindmethod=sasl saslmech=EXTERNAL tls_cert=/etc/ssl/certs/proxy-server1.example.com.pem tls_key=/etc/ssl/private/proxy-server1.example.com.key tls_cacertdir=/etc/ssl/cacerts/ tls_reqcert=demand mode=self
Now when I make a password change:
ldapmodify -x -H ldaps://proxy-server1.example.com -f pass2_user.ldif -D 'uid=user_w_pass,ou=people,dc=example,dc=com' -W
Enter LDAP Password:
modifying entry "uid=user_w_pass,ou=people,dc=example,dc=com"
For password modification you should probably call the extended operation modify password (RFC-3206), which is supported by ldappasswd(5).
-Dieter
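Dieter's suggestion is the LDAP Password Modify extended operation (specified in RFC 3062, OID 1.3.6.1.4.1.4203.1.11.1), which is what ldappasswd sends instead of a plain modify of userPassword. To make the difference concrete, the following added example (not from the thread, and not OpenLDAP's own code) builds and decodes the extended request PDU with only the standard library; the DN and password values are constructed for illustration.

```python
"""Encode and decode the LDAP Password Modify extended request (RFC 3062).
Added example; stdlib only.  Values used below are constructed."""

PASSWD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"


def ber_length(n):
    """BER definite-form length: one byte below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    return bytes([tag]) + ber_length(len(value)) + value


def ber_integer(n):
    """Minimal two's-complement INTEGER (used for the messageID)."""
    length = 1
    while not -(1 << (8 * length - 1)) <= n < (1 << (8 * length - 1)):
        length += 1
    return tlv(0x02, n.to_bytes(length, "big", signed=True))


def encode_passwd_modify_value(user_identity=None, old_passwd=None, new_passwd=None):
    """PasswdModifyRequestValue ::= SEQUENCE { userIdentity [0] OCTET STRING OPTIONAL,
    oldPasswd [1] ..., newPasswd [2] ... } with context-specific tags 0x80..0x82."""
    body = b""
    if user_identity is not None:
        body += tlv(0x80, user_identity.encode())
    if old_passwd is not None:
        body += tlv(0x81, old_passwd.encode())
    if new_passwd is not None:
        body += tlv(0x82, new_passwd.encode())
    return tlv(0x30, body)


def encode_extended_request(message_id, oid, value):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] {
    requestName [0] LDAPOID (the dotted string as octets), requestValue [1] } }."""
    op = tlv(0x80, oid.encode()) + tlv(0x81, value)
    return tlv(0x30, ber_integer(message_id) + tlv(0x77, op))


def read_tlv(buf, pos=0):
    """Return (tag, value, position after the element) for the TLV at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def decode_passwd_modify_value(value):
    tag, body, _ = read_tlv(value)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    names = {0x80: "userIdentity", 0x81: "oldPasswd", 0x82: "newPasswd"}
    fields, pos = {}, 0
    while pos < len(body):
        tag, v, pos = read_tlv(body, pos)
        if tag not in names:
            raise ValueError(f"unexpected tag {tag:#x}")
        fields[names[tag]] = v.decode()
    return fields


def decode_extended_request(msg):
    """Return (message_id, oid, fields) from a complete LDAPMessage; fields is
    the decoded Password Modify value, or the raw value for other OIDs."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("expected LDAPMessage SEQUENCE")
    tag, mid, pos = read_tlv(body)
    if tag != 0x02:
        raise ValueError("expected messageID INTEGER")
    message_id = int.from_bytes(mid, "big", signed=True)
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x77:
        raise ValueError("not an ExtendedRequest")
    _, name, pos = read_tlv(op)
    oid = name.decode()
    fields = None
    if pos < len(op):
        _, value, _ = read_tlv(op, pos)
        fields = decode_passwd_modify_value(value) if oid == PASSWD_MODIFY_OID else value
    return message_id, oid, fields


if __name__ == "__main__":
    # constructed DN and passwords
    req = encode_extended_request(1, PASSWD_MODIFY_OID, encode_passwd_modify_value(
        "uid=user_w_pass,ou=people,dc=example,dc=com", "oldpw", "newpw"))
    print(req.hex())
    print(decode_extended_request(req))
```

Two things the PDU makes visible. The old and new passwords travel in clear inside the request value, so the operation belongs under TLS exactly as the ldaps:// setup in the thread provides. And because the server receives the new password as a distinct field rather than as an opaque userPassword value, slapd can apply its configured password-hash to it; a plain ldapmodify replace of userPassword stores whatever octets the client (or, here, the proxy) sends.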
openldap-technical@openldap.org