Hello,
I just compiled OpenLDAP 2.5alpha on a debian 10 system. I used this howto: https://tylersguides.com/guides/install-openldap-source-debian-stretch/
Slapd is running and I load the following ldif: ----------------- dn: cn=config objectClass: olcGlobal cn: config olcArgsFile: /opt/openldap-current/var/run/slapd.args olcPidFile: /opt/openldap-current/var/run/slapd.pid olcTLSCACertificateFile: /etc/ssl/certificates/demoCA/cacert.pem olcTLSCertificateFile: /etc/ssl/certificates/ldap01-cert.pem olcTLSCertificateKeyFile: /etc/ssl/certificates/ldap01-key.pem olcTLSCipherSuite: TLSv1.2:HIGH:!aNULL:!eNULL olcTLSProtocolMin: 3.3
dn: cn=schema,cn=config objectClass: olcSchemaConfig cn: schema
dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulepath: /opt/openldap-current/libexec/openldap olcModuleload: back_mdb.la olcModuleload: pw-sha2.la
include: file:///opt/openldap-current/etc/openldap/schema/core.ldif include: file:///opt/openldap-current/etc/openldap/schema/cosine.ldif include: file:///opt/openldap-current/etc/openldap/schema/nis.ldif include: file:///opt/openldap-current/etc/openldap/schema/inetorgperson.ldif
dn: olcDatabase=frontend,cn=config objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: frontend olcPasswordHash: {SSHA512} olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none
dn: olcDatabase=config,cn=config objectClass: olcDatabaseConfig olcDatabase: config olcRootDN: cn=config olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none -----------------
When I try to do a ldapsearch with -Y EXTERNAL I get the following error: ----------------- root@lda25:~# ldapsearch -Y EXTERNAL -H ldaps://ldap25.example.net -b cn=config SASL/EXTERNAL authentication started ldap_sasl_interactive_bind: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available: -----------------
Ldapsearch -ZZ is working: ----------------- root@lda25:~# ldapsearch -x -ZZ -H ldap://ldap25.example.net -b cn=config -LLL No such object (32)
root@lda25:~# ldapsearch -x -H ldaps://ldap25.example.net -b cn=config -LLL No such object (32) ----------------- So ldaps and ldap+tls is working. Did I miss something during "configure". I would like to help testing version 2.5.
Stefan
--On Thursday, October 15, 2020 7:55 PM +0200 Stefan Kania stefan@kania-online.de wrote:
When I try to do a ldapsearch with -Y EXTERNAL I get the following error:
root@lda25:~# ldapsearch -Y EXTERNAL -H ldaps://ldap25.example.net -b cn=config SASL/EXTERNAL authentication started ldap_sasl_interactive_bind: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available:
Do you have an actual TLS client cert and the appropriate mappings defined, etc?
The test suite explicitly tests SASL/EXTERNAL with TLS, see test068-sasl-tls-external
Or were you intending to do SASL/EXTERNAL over ldapi:///?
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
The problem was sitting in front of the monitor ^^
I must uses ldapi:/// insted of ldaps://<fqdn>. Sometimes it's good to take a break :-)
Am 15.10.20 um 18:55 schrieb Stefan Kania:
Hello,
I just compiled OpenLDAP 2.5alpha on a debian 10 system. I used this howto: https://tylersguides.com/guides/install-openldap-source-debian-stretch/
Slapd is running and I load the following ldif:
dn: cn=config objectClass: olcGlobal cn: config olcArgsFile: /opt/openldap-current/var/run/slapd.args olcPidFile: /opt/openldap-current/var/run/slapd.pid olcTLSCACertificateFile: /etc/ssl/certificates/demoCA/cacert.pem olcTLSCertificateFile: /etc/ssl/certificates/ldap01-cert.pem olcTLSCertificateKeyFile: /etc/ssl/certificates/ldap01-key.pem olcTLSCipherSuite: TLSv1.2:HIGH:!aNULL:!eNULL olcTLSProtocolMin: 3.3
dn: cn=schema,cn=config objectClass: olcSchemaConfig cn: schema
dn: cn=module,cn=config objectClass: olcModuleList cn: module olcModulepath: /opt/openldap-current/libexec/openldap olcModuleload: back_mdb.la olcModuleload: pw-sha2.la
include: file:///opt/openldap-current/etc/openldap/schema/core.ldif include: file:///opt/openldap-current/etc/openldap/schema/cosine.ldif include: file:///opt/openldap-current/etc/openldap/schema/nis.ldif include: file:///opt/openldap-current/etc/openldap/schema/inetorgperson.ldif
dn: olcDatabase=frontend,cn=config objectClass: olcDatabaseConfig objectClass: olcFrontendConfig olcDatabase: frontend olcPasswordHash: {SSHA512} olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none
dn: olcDatabase=config,cn=config objectClass: olcDatabaseConfig olcDatabase: config olcRootDN: cn=config olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none
When I try to do a ldapsearch with -Y EXTERNAL I get the following error:
root@lda25:~# ldapsearch -Y EXTERNAL -H ldaps://ldap25.example.net -b cn=config SASL/EXTERNAL authentication started ldap_sasl_interactive_bind: Unknown authentication method (-6) additional info: SASL(-4): no mechanism available:
Ldapsearch -ZZ is working:
root@lda25:~# ldapsearch -x -ZZ -H ldap://ldap25.example.net -b cn=config -LLL No such object (32)
root@lda25:~# ldapsearch -x -H ldaps://ldap25.example.net -b cn=config -LLL No such object (32)
So ldaps and ldap+tls is working. Did I miss something during "configure". I would like to help testing version 2.5.
Stefan
openldap-technical@openldap.org
-
Quanah Gibson-Mount -
Stefan Kania