** Changed in: openldap (Ubuntu)
Status: Incomplete => Invalid
** Changed in: openldap2.3 (Ubuntu Hardy)
Status: Confirmed => Invalid
--
Hardy slapd server is not supporting sasl/external authentication
https://bugs.launchpad.net/bugs/249881
You received this bug notification becau
Got it working:
ldapsearch -x -H ldaps:/// -b "" -LLL -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: EXTERNAL
Tks Mathia
Attaching certificates I'm using. The new_client.crt is the last one
created with same country/city/firm/OU etc., no e-mail address.
** Attachment added: "certificates.tar.gz"
http://launchpadlibrarian.net/17567761/certificates.tar.gz
--
Hardy slapd server is not supporting sasl/external auth
Same result here. I copied the files to /etc/ssl/certs and
/etc/ssl/private, modified /etc/ldap/slapd.conf to show the new places
of the files, /home/ubuntu/.ldaprc was also modified to point to
/etc/ssl/certs/ca.cert. There wasn't group ssl-certs, so I created it,
(vigr, vigr -s, GID 114) and adde
Hi,
I've followed the steps you've followed to generate the certificates and
was unable to reproduce your problem:
[EMAIL PROTECTED]:~$ ldapsearch -x -H ldaps:/// -b "" -LLL -s base
supportedSASLMechanisms
dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms
I got the problem again:
# Creating self-signed sertificate
openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
# Create server key and request
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
# Sign server request
opens
** Changed in: openldap (Ubuntu)
Status: New => Incomplete
** Also affects: openldap2.3 (Ubuntu)
Importance: Undecided
Status: New
** Changed in: openldap2.3 (Ubuntu)
Status: New => Invalid
** Changed in: openldap2.3 (Ubuntu Hardy)
Importance: Undecided => Medium
I was able to get the EXTERNAL mechanism listed:
[EMAIL PROTECTED]:~$ ldapsearch -x -H ldaps:/// -b "" -LLL -s base
supportedSASLMechanisms
dn:
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms:
I confirmed that the issue as reported exists in 2.4.9. Also, I
installed 2.4.11 from source - using the defaults provided by the
configure script (probably bound to OpenSSL vs GNUTLS), and it works
just fine with the exact same configuration and certificates. I'll have
to try to build 2.4.11 with
What do you confirm ?
If you don't see EXTERNAL as a supportedSASLMechanisms, make sure that
the client is sending a valid ssl certificate. With a proper ssl setup,
I was able to get EXTERNAL listed as a supportedSASLMechanisms with
2.4.9.
--
Hardy slapd server is not supporting sasl/external a
Confirmed with 2.4.9 from hardy-updates.
--
Hardy slapd server is not supporting sasl/external authentication
https://bugs.launchpad.net/bugs/249881
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.
--
Ubuntu-server-bug
Also, could you try with the latest version available in hardy-updates
(2.4.9) ?
--
Hardy slapd server is not supporting sasl/external authentication
https://bugs.launchpad.net/bugs/249881
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to op
Section 15.2.1.8 of the openldap admin guide states the following :
Note: The server must request a client certificate in order to use the
SASL EXTERNAL authentication mechanism with a TLS session. As such, a
non-default TLSVerifyClient setting must be configured before SASL
EXTERNAL authenticatio
Confirming as a regression in hardy.
Strangely, I see EXTERNAL as an option if I connect using ldapi:///, but
not when using ldap://; I'm not sure why that would be, but it may have
to do with the use of gnutls vs. openssl.
** Changed in: openldap (Ubuntu Hardy)
Importance: Undecided => Medium
** Changed in: openldap (Ubuntu)
Sourcepackagename: None => openldap
--
Hardy slapd server is not supporting sasl/external authentication
https://bugs.launchpad.net/bugs/249881
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ub
15 matches
Mail list logo