> Read `configure --help`
I have built with the following and now I see the modules in
/usr/local/libexec/openldap:
./configure \
--enable-dynamic \
--enable-modules \
--enable-syslog \
--enable-overlays=mod \
--enable-argon2=yes \
--enable-remoteauth=mod \
--with-tls \
--with-cyrus-sasl \
--enable-mdb=mod && \
make depend && make -j$(nproc) && make install && \
ldconfig
I bootstrap with the following:
cat >/tmp/min-slapd.conf <<EOF
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/remoteauth.schema
modulepath /usr/local/libexec/openldap
moduleload back_mdb.la
moduleload argon2.la
moduleload remoteauth.la
password-hash {ARGON2}
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
database config
rootdn cn=config
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
manage
by * none
database mdb
maxsize 1073741824
suffix $REAL_SUFFIX
directory $LDAP_DB_DIR
rootdn $REAL_ADMIN_DN
index objectClass eq
index uid,uidNumber,gidNumber,memberUid eq
index cn,sn,mail eq,sub
access to *
by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
manage
by * none
EOF
slaptest -f /tmp/min-slapd.conf -F "$SLAPD_CONFIG_DIR" -n 0
The server seems to come up fine but I'm having a problem trying to
authenticate any users that I add. I generate the password using ARGON as
follows:
slappasswd -o module-load=argon2.la -h {ARGON2} -s "somepassword"
I take the generated hash and I add it to my LDIF file and I add the user
using ldpadd. Here's the LDIF file I'm using:
dn: cn=jimbob,ou=users,dc=mydomain,dc=local
objectClass: inetOrgPerson
givenName: Jim
sn: Bob
displayName: Jim Bob
userPassword:
{ARGON2}$argon2i$v=19$m=4096,t=3,p=1$aItdFWfjJ02G7gKy1Rx2yg$nd6/J9rqccyU3F+A
AqsIPblx1G65ClGp4NgGj94nmTY
mail: [email protected]
uid: jimbob
The logs show that it fails with bad credentials:
690234b6.2d3669c1 0x7f232cca96c0 conn=1030 fd=13 ACCEPT from
IP=172.16.32.108:44114 (IP=0.0.0.0:389)
690234b6.2d37af2b 0x7f232d4aa6c0 conn=1030 op=0 BIND
dn="cn=mydomain-ldap-admin,dc=mydomain,dc=local" method=128
690234b6.2d985910 0x7f232d4aa6c0 conn=1030 op=0 BIND
dn="cn=mydomain-ldap-admin,dc=mydomain,dc=local" mech=SIMPLE bind_ssf=0
ssf=0
690234b6.2d9d9ff4 0x7f232d4aa6c0 conn=1030 op=0 RESULT tag=97 err=0
qtime=0.000014 etime=0.006778 text=
690234b6.2da06aaf 0x7f232eeac6c0 conn=1030 op=1 SRCH
base="ou=users,dc=mydomain,dc=local" scope=2 deref=0
filter="(&(uid=jimbob)(objectClass=inetOrgPerson))"
690234b6.2da109db 0x7f232eeac6c0 conn=1030 op=1 SRCH attr=uid mail
displayName
690234b6.2da49773 0x7f232eeac6c0 conn=1030 op=1 SEARCH RESULT tag=101 err=0
qtime=0.000008 etime=0.000325 nentries=1 text=
690234b6.2dad6316 0x7f232cca96c0 conn=1031 fd=14 ACCEPT from
IP=172.16.32.108:44116 (IP=0.0.0.0:389)
690234b6.2dadee16 0x7f232cca96c0 conn=1031 op=0 BIND
dn="cn=jimbob,ou=users,dc=mydomain,dc=local" method=128
690234b6.2daebb74 0x7f232cca96c0 conn=1031 op=0 RESULT tag=97 err=49
qtime=0.000006 etime=0.000067 text=
I have verified that the password is correct. Any idea what could be the
cause of this. Argon2 module shows as loaded:
ldapsearch -Y EXTERNAL -H ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi -b
"cn=module{0},cn=config" olcModuleLoad
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
# extended LDIF
#
# LDAPv3
# base <cn=module{0},cn=config> with scope subtree
# filter: (objectclass=*)
# requesting: olcModuleLoad
#
# module{0}, config
dn: cn=module{0},cn=config
olcModuleLoad: {0}back_mdb.la
olcModuleLoad: {1}argon2.la
olcModuleLoad: {2}remoteauth.la
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Thanks
