Can you explain the intentions for "olcRemoteAuthTLS: starttls=yes tls_reqcert=never"? Starting TLS without a certificate? Do you expect encryption then?
Kind regards,
Ulrich Windl

> -----Original Message-----
> From: Dino Edwards <[email protected]>
> Sent: Wednesday, February 12, 2025 12:39 PM
> To: 'Quanah Gibson-Mount' <[email protected]>; openldap-
> [email protected]
> Subject: [EXT] RE: OpenLDAP Pass-through Authentication
>
> > But here's an example for cn-config, you'd probably have to adjust for
> > your own environment.
> >
> > dn: olcOverlay={6}remoteauth,olcDatabase={2}mdb,cn=config
> > objectClass: olcOverlayConfig
> > objectClass: olcRemoteAuthCfg
> > olcOverlay: {6}remoteauth
> > olcRemoteAuthTLS: starttls=yes tls_reqcert=never
> > olcRemoteAuthMapping: default ldaps://ad.example.com:636
> > olcRemoteAuthDNAttribute: seeAlso
> > olcRemoteAuthDomainAttribute: maildrop
> > olcRemoteAuthDefaultDomain: default
> > olcRemoteAuthDefaultRealm: ldaps://ad.example.com:636
> > olcRemoteAuthStore: FALSE
> > olcRemoteAuthRetryCount: 3
>
> I tried loading the example below as a remoteauth.ldif file but I got the
> following errors. Guessing the DN is wrong here?
>
> 67ac865a.098ae3bb 0x7eff0a2166c0 connection_input: conn=1005 deferring operation: binding
> 67ac865a.098c174e 0x7eff0aa176c0 conn=1005 op=1 ADD dn="olcOverlay={6}remoteauth,olcDatabase={2}mdb,cn=config"
> 67ac865a.098cea57 0x7eff0aa176c0 conn=1005 op=1 RESULT tag=105 err=21 qtime=0.000066 etime=0.000133 text=objectClass: value #1 invalid per syntax
> ldap_add: Invalid syntax (21)
> additional info: objectClass: value #1 invalid per syntax
> 67ac865a.098d6d29 0x7eff0a2166c0 conn=1005 op=2 UNBIND
> adding new entry "olcOverlay={6}remoteauth,olcDatabase={2}mdb,cn=config"
>
> Thanks
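
An added example, not part of the original thread and not OpenLDAP project code: a Python check that reads a cn=config LDIF and reports how each olcRemoteAuthTLS value treats the remote server's certificate. It assumes the overlay's tls_reqcert option follows the TLS_REQCERT levels documented in ldap.conf(5); the function names are hypothetical and the sample LDIF is constructed from the entry quoted above.

```python
import re

# Verification levels, following the TLS_REQCERT semantics in ldap.conf(5) (assumption).
LEVELS = {
    "never": "unverified",   # server certificate is not requested or checked
    "allow": "unverified",   # a missing or bad certificate is accepted
    "try": "partial",        # a missing certificate is accepted, a bad one is not
    "demand": "verified",    # a valid certificate is required
    "hard": "verified",      # synonym for demand
}

# Constructed sample: part of the overlay entry quoted in the thread.
SAMPLE_LDIF = """\
dn: olcOverlay={6}remoteauth,olcDatabase={2}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcRemoteAuthCfg
olcOverlay: {6}remoteauth
olcRemoteAuthTLS: starttls=yes tls_reqcert=never
olcRemoteAuthMapping: default ldaps://ad.example.com:636
olcRemoteAuthDefaultRealm: ldaps://ad.example.com:636
"""

def unfold(ldif):
    """Join LDIF continuation lines (newline followed by one space)."""
    return re.sub(r"\r?\n ", "", ldif).splitlines()

def audit_remoteauth_tls(ldif):
    """Return (dn, tls_reqcert, level) for every olcRemoteAuthTLS value."""
    results, dn = [], None
    for line in unfold(ldif):
        if line.startswith("#"):
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            dn = value
        elif attr == "olcremoteauthtls":
            opts = dict(t.split("=", 1) for t in value.split() if "=" in t)
            reqcert = opts.get("tls_reqcert", "(unset)").lower()
            results.append((dn, reqcert, LEVELS.get(reqcert, "unknown")))
    return results

if __name__ == "__main__":
    for dn, reqcert, level in audit_remoteauth_tls(SAMPLE_LDIF):
        print(f"{level.upper():10} tls_reqcert={reqcert}  {dn}")
```

A level of "unverified" means the session may still be encrypted, but the overlay has no assurance about which server receives the forwarded bind credentials.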
