2014-02-04 Clément OUDOT <[email protected]>:
>
> 2014-02-04 Jarbas Peixoto Júnior <[email protected]>:
>
>> 2014-02-04 Clément OUDOT <[email protected]>:
>>
>>> 2014-02-03 Jarbas Peixoto Júnior <[email protected]>:
>>>
>>>> I have two ldap servers.
>>>> The first is an Ubuntu 04.12 with the package:
>>>>
>>>> ==================================================
>>>> dpkg -l | grep slap
>>>> ii slapd OpenLDAP 2.4.28-1.1ubuntu4.4 server (slapd)
>>>> ==================================================
>>>>
>>>> On this server I get EXTERNAL in supportedSASLMechanisms.
>>>>
>>>> ==================================================
>>>> ldapsearch -x -H ldaps://10.XXX -b "" -LLL -s base supportedSASLMechanisms
>>>> dn:
>>>> supportedSASLMechanisms: DIGEST-MD5
>>>> supportedSASLMechanisms: EXTERNAL
>>>> supportedSASLMechanisms: NTLM
>>>> supportedSASLMechanisms: CRAM-MD5
>>>> supportedSASLMechanisms: PLAIN
>>>> supportedSASLMechanisms: LOGIN
>>>> ==================================================
>>>>
>>>> The second is a Debian with the package:
>>>>
>>>> ==================================================
>>>> dpkg -l | grep openldap
>>>> ii ltb openldap - amd64 2.4.39-1 OpenLDAP server with addons from the LDAP Tool Box project
>>>> ii openldap - ltb - check module check_password amd64 2.4.39-1 password for password policy
>>>> ii openldap - ltb -contrib - amd64 2.4.39-1 overlays contributed to OpenLDAP Overlays
>>>> ==================================================
>>>>
>>>> On this server I do not get EXTERNAL in supportedSASLMechanisms.
>>>> ==================================================
>>>> ldapsearch -x -H ldaps://10.YYY -b "" -LLL -s base supportedSASLMechanisms
>>>> dn:
>>>> supportedSASLMechanisms: DIGEST-MD5
>>>> supportedSASLMechanisms: CRAM-MD5
>>>> supportedSASLMechanisms: NTLM
>>>> supportedSASLMechanisms: PLAIN
>>>> supportedSASLMechanisms: LOGIN
>>>> ==================================================
>>>>
>>>> Has anyone succeeded with this "openldap-ltb" package in doing
>>>> authentication with a digital certificate?
>>>
>>> Seems you need to have a valid SSL/TLS configuration in order to have
>>> this mechanism activated, see this post:
>>> http://www.openldap.org/lists/openldap-software/200501/msg00348.html
>>
>> Thanks Clément. I read the post you suggested and did not find errors in my
>> configurations. See my client/server configuration and log snippets:
>>
>> ===== SERVER =====
>> = slapd.conf =====
>> TLSCACertificateFile /usr/local/openldap/etc/openldap/ssl/AC-Raiz-cacert.pem
>> TLSCertificateFile /usr/local/openldap/etc/openldap/ssl/server-cert.pem
>> TLSCertificateKeyFile /usr/local/openldap/etc/openldap/ssl/server-key.pem
>> TLSVerifyClient allow
>>
>> === permissions files =====
>> ls -l /usr/local/openldap/etc/openldap/ssl/
>> total 20
>> -rw-r--r-- 1 ldap ldap 2260 Jul 24 2013 AC-Raiz-cacert.pem
>> -rw-r--r-- 1 ldap ldap 2179 Jul 24 2013 server-cert.pem
>> -rw-r--r-- 1 ldap ldap 3243 Jul 24 2013 server-key.pem
>>
>> ===== CLIENT =====
>> == .ldaprc =====
>> SASL_MECH EXTERNAL
>>
>> TLS_CACERT /home/jarbelix/ldap/CA/AC-Raiz-cacert.pem
>> TLS_CERT /home/jarbelix/ldap/CA/client-cert.pem
>> TLS_KEY /home/jarbelix/ldap/CA/client-key.pem
>> TLS_REQCERT never
>>
>> === permissions files =====
>> ls -l /home/jarbelix/ldap/CA/
>> total 20
>> -rw-r--r-- 1 jarbelix jarbelix 2260 Fev 3 10:31 AC-Raiz-cacert.pem
>> -rw-r--r-- 1 jarbelix jarbelix 2179 Fev 3 10:40 server-cert.pem
>> -rw-r--r-- 1 jarbelix jarbelix 3243 Fev 3 10:40 server-key.pem
>> -rw-r--r-- 1 jarbelix jarbelix 2167 Fev 3 11:25 client-cert.pem
>> -rw-r--r-- 1 jarbelix jarbelix 3243 Fev 3 11:25 client-key.pem
>>
>> === the client search =====
>> ldapsearch -x -ZZ -H ldap://10.XX.XX.XX -b "" -LLL -s base supportedSASLMechanisms
>> dn:
>> supportedSASLMechanisms: DIGEST-MD5
>> supportedSASLMechanisms: CRAM-MD5
>> supportedSASLMechanisms: NTLM
>> supportedSASLMechanisms: PLAIN
>> supportedSASLMechanisms: LOGIN
>>
>> ===== the server log =====
>> Feb 4 08:27:15 linux slapd[14020]: conn=1006 fd=18 ACCEPT from IP=10.82.0.22:49076 (IP=0.0.0.0:389)
>> Feb 4 08:27:15 linux slapd[14020]: conn=1006 op=0 EXT oid=1.3.6.1.4.1.1466.20037
>> Feb 4 08:27:15 linux slapd[14020]: conn=1006 op=0 STARTTLS
>> Feb 4 08:27:15 linux slapd[14020]: conn=1006 op=0 RESULT oid= err=0 text=
>> Feb 4 08:27:15 linux slapd[14020]: conn=1006 fd=18 TLS established tls_ssf=128 ssf=128
>> Feb 4 08:27:15 linux slapd[14020]: conn=1006 op=1 BIND dn="" method=128
>> Feb 4 08:27:15 linux slapd[14020]: conn=1006 op=1 RESULT tag=97 err=0 text=
>> Feb 4 08:27:15 linux slapd[14020]: conn=1006 op=2 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
>> Feb 4 08:27:15 linux slapd[14020]: conn=1006 op=2 SRCH attr=supportedSASLMechanisms
>> Feb 4 08:27:15 linux slapd[14020]: conn=1006 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
>> Feb 4 08:27:15 linux slapd[14020]: conn=1006 op=3 UNBIND
>> Feb 4 08:27:15 linux slapd[14020]: conn=1006 fd=18 closed
>>
>> ===== test certificates =====
>> openssl s_client -connect 10.XX.XX.XXX:636 -CAfile AC-Raiz-cacert.pem -cert client-cert.pem -key client-key.pem
>> CONNECTED(00000003)
>> depth=1 C = BR, O = DATAPREV, CN = Autoridade Certificadora Raiz da DATAPREV
>> verify return:1
>> depth=0 C = BR, O = DATAPREV, CN = ldap.dataprev.gov.br
>> verify return:1
>> ---
>> Certificate chain
>>  0 s:/C=BR/O=DATAPREV/CN=ldap.dataprev.gov.br
>>    i:/C=BR/O=DATAPREV/CN=Autoridade Certificadora Raiz da DATAPREV
>>  1 s:/C=BR/O=DATAPREV/CN=Autoridade Certificadora Raiz da DATAPREV
>>    i:/C=BR/O=DATAPREV/CN=Autoridade Certificadora Raiz da DATAPREV
>> ---
>> Server certificate
>> subject=/C=BR/O=DATAPREV/CN=ldap.dataprev.gov.br
>> issuer=/C=BR/O=DATAPREV/CN=Autoridade Certificadora Raiz da DATAPREV
>> ---
>> Acceptable client certificate CA names
>> /C=BR/O=DATAPREV/CN=Autoridade Certificadora Raiz da DATAPREV
>> ---
>> SSL handshake has read 5200 bytes and written 4550 bytes
>> ---
>> New, TLSv1/SSLv3, Cipher is AES256-SHA
>> Server public key is 4096 bit
>> Secure Renegotiation IS supported
>> Compression: NONE
>> Expansion: NONE
>> SSL-Session:
>> Protocol : TLSv1.1
>> Cipher : AES256-SHA
>> Session-ID: 4CD443B1403A743A1673DE426AC0F737C7BA93509FF4890ECFB7984DDF782E0D
>> Session-ID-ctx:
>> Master-Key: 9BEB6996B8CBC88A3824E02D40AB9232E49A0418E25A6D9E20AECDB11BCF4825596E77140D8CD69AD193F761F3AF60CE
>> Key-Arg : None
>> PSK identity: None
>> PSK identity hint: None
>> SRP username: None
>> TLS session ticket lifetime hint: 300 (seconds)
>>
>> Start Time: 1391513441
>> Timeout : 300 (sec)
>> Verify return code: 0 (ok)
>> ---
>> DONE
>>
>> === server log =====
>> Feb 4 08:36:42 linux slapd[14172]: conn=1000 fd=18 ACCEPT from IP=10.82.0.22:41910 (IP=0.0.0.0:636)
>> Feb 4 08:36:42 linux slapd[14172]: conn=1000 fd=18 TLS established tls_ssf=256 ssf=256
>> Feb 4 08:36:47 linux slapd[14172]: conn=1000 fd=18 closed (connection lost)
>
> Well your openssl test seems to work, so what is the problem?
>
> See also this doc: http://jpmens.net/pages/ldap-external/
>
> Clément.

Thanks Clément. I had already read this doc too. I read http://www.openldap.org/doc/admin24/sasl.html (15.2.6. Direct Mapping) again and realized that the servers were wrongly configured. I changed the authz-regexp in slapd.conf and it finally worked normally.

Thank you again.

Jarbas
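
The thread does not show the authz-regexp that was changed. As an added example (not the poster's rule and not LTB or OpenLDAP code), this sketch checks a candidate direct-mapping rule against a certificate subject before it goes into slapd.conf, and shows one common way such a rule silently fails: writing it in the order `openssl s_client` prints the subject rather than in LDAP DN order. The client subject, the target DN layout and the case-insensitive matching are assumptions made for illustration.

```python
import re

def openssl_subject_to_ldap_dn(subject):
    """Turn OpenSSL's one-line subject (/C=.../O=.../CN=...) into the LDAP
    string form, most specific RDN first, which is what the rule must match.
    Simplified: values containing '/' or ',' are not handled."""
    rdns = [part for part in subject.strip().split("/") if part]
    pairs = [rdn.partition("=") for rdn in reversed(rdns)]
    return ",".join(f"{attr.lower()}={value}" for attr, _, value in pairs)

def apply_authz_regexp(authc_dn, rules):
    """Apply (match, replace) pairs in order and return the first rewrite.
    None means no rule matched, so the identity stays the certificate DN."""
    for match, replace in rules:
        # Assumption: matching is case-insensitive, and unanchored unless the
        # pattern itself uses ^ and $.
        m = re.search(match, authc_dn, re.IGNORECASE)
        if m:
            # slapd.conf replacement strings refer to groups as $1..$9.
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replace)
    return None

# Constructed client subject, in the style of the s_client output in the thread.
CLIENT_SUBJECT = "/C=BR/O=DATAPREV/CN=client.example"
# Hypothetical target entry layout.
TARGET = "uid=$1,ou=people,dc=example,dc=org"

# Written in certificate (s_client) order: never matches.
RULES_CERT_ORDER = [(r"^c=BR,o=DATAPREV,cn=([^,]+)$", TARGET)]
# Written in LDAP DN order: matches and maps to the directory entry.
RULES_LDAP_ORDER = [(r"^cn=([^,]+),o=DATAPREV,c=BR$", TARGET)]

def check(subject, rules):
    """Return (identity DN derived from the subject, mapped DN or None)."""
    dn = openssl_subject_to_ldap_dn(subject)
    return dn, apply_authz_regexp(dn, rules)

if __name__ == "__main__":
    for name, rules in (("cert order", RULES_CERT_ORDER),
                        ("LDAP order", RULES_LDAP_ORDER)):
        dn, mapped = check(CLIENT_SUBJECT, rules)
        print(f"{name}: {dn} -> {mapped or 'no mapping'}")
```

When no rule matches, the bind can still succeed under the raw certificate DN, so ACLs written for the directory entry do not apply; `ldapwhoami` against the server shows which identity was actually assigned.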
