> You probably need to delete the userPassword attribute?
> This is correct.
Finally got it working. Thanks for all the help!
I was able to piece the solution together. As previously mentioned most
guidance out there focused on configuring it with slapd.conf, however in my
case I was trying
--On Thursday, February 27, 2025 6:10 PM + Bradley T Gill
wrote:
I haven't worked with the integrated remote auth yet, I still use
SASL.. It is something that we have on the backburner to migrate to, if
it works anything like SASL, you need a userPassword that had a
directive, like
ng process,
from what I understand. If you have a link to the docs, I'll take a look and
see what I can find..
From: Dino Edwards
Sent: Thursday, February 27, 2025 10:07 AM
To: Bradley T Gill ; 'Quanah Gibson-Mount'
; openldap-technical@openldap.org
Subject: RE: [EXTERNAL]
--On Thursday, February 27, 2025 2:18 PM + Bradley T Gill
wrote:
You probably need to delete the userPassword attribute?
This is correct.
--Quanah
* You probably need to delete the userPassword attribute?
That was a good idea actually, but sadly it didn’t work either. Same behavior
as before. There is absolutely no indication it’s trying to perform remote
authentication.
> It won't work as explicitly stated in the manual
You probably need to delete the userPassword attribute?
From: Dino Edwards
Sent: Thursday, February 27, 2025 8:51 AM
To: 'Quanah Gibson-Mount' ;
openldap-technical@openldap.org
Subject: [EXTERNAL] RE: OpenLDAP Pass-through Authentication
> It won't work as explicitly stated
> It won't work as explicitly stated in the manual page:
> "If the userPassword is present, authentication is performed locally"
The userPassword field is absolutely empty. I don't know why it shows the
":" column there, but Apache Directory Studio is showing "Empty password" in
the userPassword a
--On Saturday, February 22, 2025 10:58 AM -0500 Dino Edwards
wrote:
dn: cn=local.user,ou=users,dc=localdomain,dc=local
objectClass: inetOrgPerson
cn: local.user
sn: User
displayName: Local User
givenName: Local
mail: lu...@somedomain.tld
o: remotedomain:remote.user
seeAlso: cn=Remote user
> olcRemoteAuthTLS: starttls=no tls_reqcert=never
> AD pretty much always requires TLS, but you've turned it off entirely. I
would expect this to fail.
> You either need to use ldaps:// + port 636 & starttls=no
> OR
>ldap:// + port 389
> and starttls=yes
Actually, in this particular case y
--On Friday, February 14, 2025 7:01 AM + "Windl, Ulrich"
wrote:
Can you explain the intentions for " olcRemoteAuthTLS: starttls=yes
tls_reqcert=never"? Starting TLS without a certificate? Do you expect
encryption then?
Just means it doesn't check the cert for validity AFAIK. AD ofte
--On Thursday, February 20, 2025 9:27 AM -0500 Dino Edwards
wrote:
I cannot figure out how to get remoteauth to work. I would appreciate some
help. I'm trying to use remoteauth against an AD domain. Using the docs
and the examples, this is the config that I have but it's not
authenticating
I cannot figure out how to get remoteauth to work. I would appreciate some
help. I'm trying to use remoteauth against an AD domain. Using the docs and
the examples, this is the config that I have but it's not authenticating to
the AD domain:
remoteauth.ldif
dn: cn=module{2},cn=config
objectClass:
> As I said, you'll need to adjust for your environment. You also will
likely need to
> moduleload the remoteauth overlay.
Thanks I appreciate you taking the time to assist. Trying to wrap my head
around all this. The olcRemoteAuthDNAttribute: seeAlso, is that an
attribute that's supposed to
39 PM
> To: 'Quanah Gibson-Mount' ; openldap-
> techni...@openldap.org
> Subject: [EXT] RE: OpenLDAP Pass-through Authentication
>
>
>
> > But here's an example for cn-config, you'd probably have to adjust for
> your own environment.
>
> >
--On Wednesday, February 12, 2025 6:38 AM -0500 Dino Edwards
wrote:
But here's an example for cn-config, you'd probably have to adjust for
your own environment.
dn: olcOverlay={6}remoteauth,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcRemoteAuthCfg
olcOv
> But here's an example for cn-config, you'd probably have to adjust for
your own environment.
> dn: olcOverlay={6}remoteauth,olcDatabase={2}mdb,cn=config
> objectClass: olcOverlayConfig
> objectClass: olcRemoteAuthCfg
> olcOverlay: {6}remoteauth
> olcRemoteAuthTLS: starttls=yes tls_reqcert=nev
--On Tuesday, February 11, 2025 6:47 AM -0500 Dino Edwards
wrote:
Trying to get pass-through authentication working however, I'm running
to the following error in OpenLDAP:
Is the system it supposed to auth against another ldap server? If so I
would recommend slapo-remoteauth instead
> Trying to get pass-through authentication working however, I'm running
> to the following error in OpenLDAP:
> Is the system it supposed to auth against another ldap server? If so I
would recommend slapo-remoteauth instead:
Hi, thanks for replying.
Yes the plan is to auth against AD. I did
--On Tuesday, February 4, 2025 1:35 PM -0500 Dino Edwards
wrote:
Hi,
Trying to get pass-through authentication working however, I'm running to
the following error in OpenLDAP:
Is the system it supposed to auth against another ldap server? If so I
would recommend slapo-remotea
On 04/02/2025 at 19:35, Dino Edwards wrote:
Hi,
Trying to get pass-through authentication working however, I'm running
to the following error in OpenLDAP:
openldap | 679ceede.3aa31e0a 0x7f2ff617e6c0 conn=1004 op=1 SRCH
attr=uid mail displayName
openldap | 679ceede.3aa4b816 0x7f2ff617e
Hi,
Trying to get pass-through authentication working however, I'm running to
the following error in OpenLDAP:
openldap | 679ceede.3aa31e0a 0x7f2ff617e6c0 conn=1004 op=1 SRCH attr=uid
mail displayName
openldap | 679ceede.3aa4b816 0x7f2ff617e6c0 conn=1004 op=1 SEARCH RESULT
tag=