
Re: [OpenLDAP][Authentication] SASL



My scenario is relatively simple. The user authentication and LDAP
directory for our local application is managed on corporate servers
for which we lack administrative rights. We wish to maintain a local
view of the LDAP directory for the information that our local
application requires, but not alter the user authentication on the
corporate servers.

Tim

On Thu, Jan 21, 2016 at 6:21 PM, Sergio NNX <sfhacker@hotmail.com> wrote:
>> I am new at LDAP, that is obvious I guess. But, I've been around Unix
>> for 30 years.
>
> Are we still having issues? We might be able to assist you if you describe
> your setup and your goal in more detail.
>
> Cheers,
>
> Ser.
>
>> Date: Thu, 21 Jan 2016 14:31:28 -0600
>> From: dwhite@cafedemocracy.org
>> To: timothy.g.keith@gmail.com
>> Subject: Re: pass-through authentication
>> CC: dwhite@cafedemocracy.org; openldap-technical@openldap.org
>>
>> You can view your config with:
>>
>> slapcat -n0
>>
>> And verify that object exists.
>>
>> If you're receiving this error due to an ACL problem, verify you
>> have the proper configuration in place to authenticate as the rootdn using
>> sasl/external. See the slapd-config manpage, and see section 15.2 (and in
>> particular 15.2.5) of the Administrator's guide, and reference your
>> OS/distro documentation.
>>
>> On 01/21/16 12:35 -0600, Timothy Keith wrote:
>> >I commented the mech_list in slapd.conf
>> >
>> >The ldapsearch result is now No such object
>> >
>> >ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b cn=config
>> >"(|(cn=config)(olcDatabase={1}hdb))"
>> >No such object (32)
>> >
>> >On Fri, Jan 8, 2016 at 2:34 PM, Dan White <dwhite@cafedemocracy.org>
>> > wrote:
>> >> On 01/07/16 17:24 -0600, Timothy Keith wrote:
>> >>>
>> >>> ldapsearch -LLLQY EXTERNAL -H ldapi:/// -b cn=config
>> >>> "(|(cn=config)(olcDatabase={1}hdb))"
>> >>> ldap_sasl_interactive_bind_s: Authentication method not supported (7)
>> >>> additional info: SASL(-4): no mechanism available:
>> >>
>> >>
>> >> I'm missing some context here. Most likely you have a mech_list hard
>> >> coded
>> >> in your slapd.conf sasl, which does not include the external mech.
>>
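
The diagnosis quoted above (a `mech_list` hard coded in the SASL configuration for slapd that leaves out the EXTERNAL mechanism) can be checked offline against a copy of that file. This is an added example, not part of the original thread; it assumes the Cyrus SASL `option: value` file format, and the sample file contents and function names are constructed for illustration.

```python
# Constructed sample contents of the SASL config file for slapd
# (not taken from the poster's system).
SAMPLE_RESTRICTED = """\
# SASL settings for slapd
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
"""

# Same file after commenting out mech_list, as the poster describes doing.
SAMPLE_COMMENTED = """\
pwcheck_method: saslauthd
#mech_list: PLAIN LOGIN
"""


def parse_sasl_conf(text):
    """Return {option: value} from 'option: value' lines, skipping comments."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            options[key.strip()] = value.strip()
    return options


def external_status(text):
    """Classify whether mech_list would hide the EXTERNAL mechanism.

    'unrestricted' - no mech_list line, so no mechanism is filtered out
    'allowed'      - mech_list is present and names EXTERNAL
    'blocked'      - mech_list is present and omits EXTERNAL
    """
    options = parse_sasl_conf(text)
    if "mech_list" not in options:
        return "unrestricted"
    # mech_list is a whitespace-separated list; comparing names
    # case-insensitively is an assumption made for this example.
    mechs = {m.upper() for m in options["mech_list"].split()}
    return "allowed" if "EXTERNAL" in mechs else "blocked"


if __name__ == "__main__":
    for name, text in (("restricted", SAMPLE_RESTRICTED),
                       ("commented", SAMPLE_COMMENTED)):
        print(name, "->", external_status(text))
```

A result of `unrestricted` or `allowed` only rules out the "no mechanism available" failure; the later "No such object (32)" result in the thread is a separate question of whether `cn=config` exists and is readable by the bound identity.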