Hi,

On 28/12/10 12:00, [email protected] wrote:
> Hi,
> On Mon, 27 Dec 2010 15:15:21 +0000
> Ubay Dorta Guerra <[email protected]> wrote:
>
>   
>>      The simple bind under TLS worked but when I try to use cert-based
>> SASL EXTERNAL authentication I get no success.
>>
>>    In the proxy server configuration I add the following directive
>>
>> idassert-bind   bindmethod=sasl
>>                 saslmech=EXTERNAL
>>                 binddn="CN=proxy-server1.example.com,O=Internet
>>     
> the binddn should be empty or just don't configure a binddn.
>
>   

    Thank you very much.

    I have deleted the binddn in the proxy configuration:

idassert-bind   bindmethod=sasl
                saslmech=EXTERNAL
                tls_cert=/etc/ssl/certs/proxy-server1.example.com.pem
                tls_key=/etc/ssl/private/proxy-server1.example.com.key
                tls_cacertdir=/etc/ssl/cacerts/
                tls_reqcert=demand
                mode=self

    Now when I make a password change:

ldapmodify -x -H ldaps://proxy-server1.example.com -f pass2_user.ldif -D 'uid=user_w_pass,ou=people,dc=example,dc=com' -W
Enter LDAP Password:
modifying entry "uid=user_w_pass,ou=people,dc=example,dc=com"

    I get the following messages in syslog:
ldap-proxy[16709]: conn=1054 fd=8 TLS established tls_ssf=256 ssf=256
ldap-proxy[16709]: conn=1054 op=0 BIND dn="uid=user_w_pass,ou=people,dc=example,dc=com" method=128
ldap-master[16879]: conn=1022 fd=20 TLS established tls_ssf=256 ssf=256
ldap-master[16879]: conn=1022 op=0 BIND dn="uid=user_w_pass,ou=people,dc=example,dc=com" method=128
ldap-master[16879]: conn=1022 op=0 BIND dn="uid=user_w_pass,ou=people,dc=example,dc=com" mech=SIMPLE ssf=0
ldap-master[16879]: conn=1022 op=0 RESULT tag=97 err=0 text=
ldap-proxy[16709]: conn=1054 op=0 BIND dn="uid=user_w_pass,ou=people,dc=example,dc=com" mech=SIMPLE ssf=0
ldap-proxy[16709]: conn=1054 op=0 RESULT tag=97 err=0 text=
ldap-proxy[16709]: conn=1054 op=1 MOD dn="uid=user_w_pass,ou=people,dc=example,dc=com"
ldap-proxy[16709]: conn=1054 op=1 MOD attr=userPassword
ldap-master[16879]: conn=1002 op=7 PROXYAUTHZ dn="uid=user_w_pass,ou=people,dc=example,dc=com"
ldap-master[16879]: conn=1002 op=7 MOD dn="uid=user_w_pass,ou=people,dc=example,dc=com"
ldap-master[16879]: conn=1002 op=7 MOD attr=userPassword
ldap-master[16879]: conn=1002 op=7 RESULT tag=103 err=0 text=
ldap-proxy[16709]: conn=1054 op=1 RESULT tag=103 err=0 text=
ldap-proxy[16709]: conn=1054 op=2 UNBIND
ldap-proxy[16709]: conn=1054 fd=8 closed

    Regards.
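
An added example, not part of the original message: a small Python parser for the slapd syslog lines quoted above that lists the modifications the master logged together with a PROXYAUTHZ identity, so the asserted user and the connection carrying it can be read off directly. The function names are hypothetical, the sample is an excerpt of the posted log, and the parser also rejoins records that mail transport wrapped onto two lines.

```python
import re
from collections import defaultdict

# Excerpt of the syslog lines in the message, wrapped as mail transport left them.
SAMPLE = '''\
ldap-master[16879]: conn=1022 op=0 BIND
dn="uid=user_w_pass,ou=people,dc=example,dc=com" mech=SIMPLE ssf=0
ldap-master[16879]: conn=1022 op=0 RESULT tag=97 err=0 text=
ldap-proxy[16709]: conn=1054 op=1 MOD
dn="uid=user_w_pass,ou=people,dc=example,dc=com"
ldap-master[16879]: conn=1002 op=7 PROXYAUTHZ
dn="uid=user_w_pass,ou=people,dc=example,dc=com"
ldap-master[16879]: conn=1002 op=7 MOD
dn="uid=user_w_pass,ou=people,dc=example,dc=com"
ldap-master[16879]: conn=1002 op=7 MOD attr=userPassword
ldap-master[16879]: conn=1002 op=7 RESULT tag=103 err=0 text=
'''

START = re.compile(r'[\w.-]+\[\d+\]: ')          # a syslog tag opens a record
REC = re.compile(r'([\w.-]+)\[\d+\]: conn=(\d+) op=(\d+) ([A-Z]+)(.*)')
KV = re.compile(r'(\w+)=("[^"]*"|\S*)')

def records(text):
    """Yield (tag, conn, op, verb, fields), rejoining wrapped lines."""
    joined = []
    for line in text.splitlines():
        if START.search(line) or not joined:
            joined.append(line.strip())
        else:                                    # continuation, e.g. dn=...
            joined[-1] += " " + line.strip()
    for m in filter(None, map(REC.search, joined)):
        tag, conn, op, verb, rest = m.groups()
        fields = {k: v.strip('"') for k, v in KV.findall(rest)}
        yield tag, int(conn), int(op), verb, fields

def asserted_writes(text, server="ldap-master"):
    """MODs logged by `server` whose operation also logged PROXYAUTHZ."""
    ops = defaultdict(dict)
    for tag, conn, op, verb, fields in records(text):
        if tag == server:
            slot = ops[(conn, op)].setdefault(verb, {})
            for k, v in fields.items():
                slot.setdefault(k, v)
    return [{"conn": conn, "op": op,
             "authzid": v["PROXYAUTHZ"].get("dn"),
             "target": v["MOD"].get("dn"), "attr": v["MOD"].get("attr"),
             "err": v.get("RESULT", {}).get("err")}
            for (conn, op), v in sorted(ops.items())
            if "PROXYAUTHZ" in v and "MOD" in v]
```

Calling `asserted_writes(SAMPLE)` returns one entry, for conn=1002 op=7 on the master, which is a different connection from the user's own simple bind on conn=1022.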
