[Bug 249881] Re: Hardy slapd server is not supporting sasl/external authentication
Mathias Gug
mathiaz at ubuntu.com
Thu Aug 28 19:32:00 BST 2008

I was able to get the EXTERNAL mechanism listed:

mathiaz@t-sasl:~$ ldapsearch -x -H ldaps:/// -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: EXTERNAL

I've used the following options in slapd.conf:

TLSCACertificateFile /etc/ssl/certs/cacert.pem
TLSCertificateFile /etc/ssl/certs/t-sasl.vmnet.pem
TLSCertificateKeyFile /etc/ssl/private/t-sasl.vmnet.key
TLSVerifyClient demand

and the following options in .ldaprc:

TLS_CACERT /etc/ssl/certs/cacert.pem
TLS_CERT /home/mathiaz/t-client.vmnet.pem
TLS_KEY /home/mathiaz/t-client.vmnet.key

I've used a proper PKI to create the certificates:
cacert.pem is a self-signed certificate. t-sasl.vmnet.pem and
t-client.vmnet.pem are certificates signed by cacert.pem.

Using a self-signed certificate on the client won't work (ldapsearch
doesn't send self-signed certificates).

--
Hardy slapd server is not supporting sasl/external authentication
https://bugs.launchpad.net/bugs/249881
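
Added example (not part of the original message, and not OpenLDAP code): a small Python check of the configuration prerequisites the message describes for SASL EXTERNAL over TLS. The function names are hypothetical, the sample input is constructed from the settings quoted above, and TLSCACertificatePath is accepted as an alternative CA setting that the message itself does not use.

```python
# Added example, not OpenLDAP code. Levels at which slapd requests a client
# certificate; the default "never" requests none, so EXTERNAL has no identity.
REQUESTS_CERT = {"allow", "try", "demand", "hard", "true"}

def parse_directives(text, continuations=False):
    """Map lower-cased keyword -> value for slapd.conf / .ldaprc style text."""
    logical = []
    for raw in text.splitlines():
        if continuations and raw[:1] in (" ", "\t") and raw.strip() and logical:
            logical[-1] += " " + raw.strip()  # slapd.conf continuation line
        else:
            logical.append(raw.strip())
    directives = {}
    for line in logical:
        parts = line.split(None, 1)
        if len(parts) == 2 and not line.startswith("#"):
            directives[parts[0].lower()] = parts[1].strip('"')
    return directives

def check_external_prereqs(slapd_conf, ldaprc):
    """Return the reasons SASL EXTERNAL over TLS cannot work with these files."""
    server = parse_directives(slapd_conf, continuations=True)
    client = parse_directives(ldaprc)
    problems = []
    if not {"tlscacertificatefile", "tlscacertificatepath"} & server.keys():
        problems.append("slapd.conf: no CA set to verify client certificates")
    for key in ("tlscertificatefile", "tlscertificatekeyfile"):
        if key not in server:
            problems.append(f"slapd.conf: {key} is not set")
    level = server.get("tlsverifyclient", "never").lower()
    if level not in REQUESTS_CERT:
        problems.append(f"slapd.conf: TLSVerifyClient {level} requests no client certificate")
    for key in ("tls_cert", "tls_key"):  # user-only options, hence .ldaprc
        if key not in client:
            problems.append(f".ldaprc: {key} is not set, no client certificate is sent")
    return problems

# Constructed sample input: the settings quoted in the message above.
SLAPD_CONF = """\
TLSCACertificateFile /etc/ssl/certs/cacert.pem
TLSCertificateFile /etc/ssl/certs/t-sasl.vmnet.pem
TLSCertificateKeyFile /etc/ssl/private/t-sasl.vmnet.key
TLSVerifyClient demand
"""
LDAPRC = """\
TLS_CACERT /etc/ssl/certs/cacert.pem
TLS_CERT /home/mathiaz/t-client.vmnet.pem
TLS_KEY /home/mathiaz/t-client.vmnet.key
"""
```

check_external_prereqs(SLAPD_CONF, LDAPRC) returns an empty list for the settings above. It reads only the configuration text and does not inspect the certificates, so the self-signed client certificate case from the message is outside what it detects.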