[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SOLVED saslmech=EXTERNAL



Hi,

After series of trial and error I finally get it working. The following configuration
works for openldap-2.4.16:

overlay chain
chain-uri "ldap://server.group"
#chain-uri "ldaps:///server.group" - not working at all[1]?
chain-idassert-bind bindmethod=sasl
        saslmech=EXTERNAL
        binddn="cn=whatever"
        #starttls=yes/critical - even this?
        tls_cert=/etc/ldap/ssl/replicator-cert.pem
        tls_key=/etc/ldap/ssl/replicator-key.pem
        tls_cacert=/etc/ssl/certs/mgoc-cacert.pem
        tls_reqcert=demand
        mode=self
chain-tls start
chain-idassert-authzFrom "*"
chain-return-error         TRUE

$ ldappasswd -x -D 'uid=guest,ou=users,dc=server,dc=group' -w1234 -sguest

from the master you may something like this one:

Jul 18 11:45:44 server slapd[1275]: conn=1 op=6 PROXYAUTHZ dn="uid=guest,ou=users,dc=server,dc=group"
Jul 18 11:45:44 server slapd[1275]: conn=1 op=6 EXT oid=1.3.6.1.4.1.4203.1.11.1
Jul 18 11:45:44 server slapd[1275]: conn=1 op=6 PASSMOD new
Jul 18 11:45:44 server slapd[1275]: conn=1 op=6 RESULT oid= err=0 text=

on the slave:

Jul 18 11:47:30 slave slapd[8915]: conn=0 op=0 BIND dn="uid=guest,ou=users,dc=server,dc=group" method=128
Jul 18 11:47:30 slave slapd[8915]: conn=0 op=0 BIND dn="uid=guest,ou=Users,dc=server,dc=group" mech=SIMPLE ssf=0
Jul 18 11:47:30 slave slapd[8915]: conn=0 op=0 RESULT tag=97 err=0 text=
Jul 18 11:47:30 slave slapd[8915]: conn=0 op=1 EXT oid=1.3.6.1.4.1.4203.1.11.1
Jul 18 11:47:30 slave slapd[8915]: conn=0 op=1 PASSMOD new
Jul 18 11:47:30 slave slapd[8915]: conn=0 op=1 RESULT oid= err=0 text=

Thanks for all the people that tried to help me.

[1] http://www.openldap.org/lists/openldap-software/200808/msg00012.html
--
Greek Ordono
myppa: launchpad.net/~grexk/+archive/ppa

--- On Sat, 7/18/09, Quanah Gibson-Mount <quanah@zimbra.com> wrote:

From: Quanah Gibson-Mount <quanah@zimbra.com>
Subject: Re: saslmech=EXTERNAL
To: "Greek Ordono" <grexk@yahoo.com>, ghenry@suretecsystems.com
Cc: openldap-software@openldap.org
Date: Saturday, July 18, 2009, 7:26 AM

--On Friday, July 17, 2009 5:44 PM -0700 Greek Ordono <grexk@yahoo.com>
wrote:

>
> Hi,
>
> What I'm trying to do is change the password[1] of user guest to see if
> my chain overlay will work with saslmech=external. Referring from this
> email[2] this should be working. But I'm a bit I confused cause I can't
> get this working while my syncrepl is working well. TIA

As I said, by using the "-x" mechanism, you are completely disabling SASL.
Thus no SASL/EXTERNAL method is going to work.

--Quanah



--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration