Arthur de Jong writes:
>> nslcd: [8b4567] DEBUG:
>> ldap_sasl_interactive_bind_s(NULL,"auto") (uri="ldap://192.168.122.4";)
>> nslcd: [8b4567] failed to bind to LDAP server
>> ldap://192.168.122.4: Unknown authentication method: Operation now in
>> progress
>
> What is nslcd supposed to do w
On Thu, 2010-11-11 at 12:44 +0100, Daniel Dehennin wrote:
> The auto SASL mechanism need support in the code:
>
> nslcd: [8b4567] DEBUG: ldap_initialize(ldap://192.168.122.4)
> nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
> nslcd: [8b4567] DEBUG:
> ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
Arthur de Jong writes:
> Can you check out the SVN version and see if there are any things I
> missed? Currently the tool completely replaces the debconf data every
> time but I think this makes the logic as understandable as possible
> for now.
The auto SASL mechanism need support in the code:
On Tue, 2010-11-09 at 21:42 +0100, Daniel Dehennin wrote:
> I have simplify the template and fix the read_config function.
Thanks. I've done some more work on the templates and fixed the
read_config function in a slightly different way and committed it to the
repository. This also includes the cha
Arthur de Jong writes:
[...]
> I'm now mostly happy with the .config and .postinst files but I think
> the .templates files has some issues still. The text is rather long and
> even lintian complains about the nslcd/ldap-sasl-mech and
> nslcd/ldap-sasl-secprops templates.
>
> Can you see if you
On Tue, 2010-08-17 at 22:39 +0200, Daniel Dehennin wrote:
> Arthur de Jong writes:
>
> > Hi, just to give you a heads up on this issue I'm afraid we are too late
> > for squeeze since it is frozen now. I'm sorry but haven't had time to
> > look into this before the freeze.
> >
> > I have some oth
Arthur de Jong writes:
> Hi, just to give you a heads up on this issue I'm afraid we are too late
> for squeeze since it is frozen now. I'm sorry but haven't had time to
> look into this before the freeze.
>
> I have some other bugs in nss-pam-ldapd that I want to have fixed in
> squeeze first bu
On Wed, 2010-07-21 at 15:09 +0200, Daniel Dehennin wrote:
> Hello, I attache a patch against your nslcd.config, I can provide one
> against trunk if you prefer.
Hi, just to give you a heads up on this issue I'm afraid we are too late
for squeeze since it is frozen now. I'm sorry but haven't had ti
Arthur de Jong writes:
> First, the detection routines are now a little cleaner I think. All
> options are read from the config, even if they don't make much sense
> combined. We want to try to retain as much as possible from the
> administrator's changes to the file.
Hello, I attache a patch ag
Arthur de Jong writes:
Hello,
> First, the detection routines are now a little cleaner I think. All
> options are read from the config, even if they don't make much sense
> combined. We want to try to retain as much as possible from the
> administrator's changes to the file.
I have a problem wi
On Wed, 2010-07-14 at 13:41 +0200, Daniel Dehennin wrote:
> Here is the changelog, patch based on latest svn (revno:1161):
> * debian/nslcd.config: Manage SASL questions, bindpw is shared between
> binddn and sasl, it's asked just after binddn or authcid, this
> complexify a little the sw
Arthur de Jong writes:
> This sounds like a good idea. I would welcome a patch for that. Thanks a
> lot for working on this.
Here is the changelog, patch based on latest svn (revno:1161):
* debian/nslcd.templates: Add nslcd/ldap-auth-type and SASL templates.
* debian/nslcd.config: Manage
On Wed, 2010-06-30 at 19:15 +0200, Daniel Dehennin wrote:
> Arthur de Jong writes:
>
> > I think it is a good idea to keep the te debconf questions close to
> > configuration options. This is probably also clearer to the user and
> > limits the number of questions.
>
> I made some more tests, us
Arthur de Jong writes:
> I think it is a good idea to keep the te debconf questions close to
> configuration options. This is probably also clearer to the user and
> limits the number of questions.
I made some more tests, using a separate question for the auth type
permit to remember settings in
Arthur de Jong writes:
> Perhaps it is also a good idea to move the password question after the
> SASL one or maybe even move the binddn question after SASL. If we keep
> the binddb question before SASL is it safe to skip the SASL question if
> the binddn is empty (is there any reasonable configu
Hi again,
What about a single question like:
Authentication type:
- No authentication
- Simple bind/password
- SASL: LOGIN
- SASL: PLAIN
- SASL: NTLM
- SASL: CRAM-MD5
- SASL: DIGEST-MD5
- SASL: GSSAPI
- SASL: OTP
Regards.
--
Daniel Dehennin
Récupérer ma clef GPG:
gpg --keyserver pgp.mit.edu --r
Arthur de Jong writes:
[...]
> I did notice that you have a separate ldap-sasl and ldap-sasl-mech
> question. I think it would be nicer (to follow the change in
> configuration to get rid of use_sasl) to have only one question which
> asks about the mechanism with a value of "No SASL" or someth
On Fri, 2010-06-25 at 21:39 +0200, Daniel Dehennin wrote:
> Here is my final (for now ;-)) patch, I added some requirement
> informations (minssf and secprops) for some mechanisms but do not set
> them automatically when selecting mechanisms.
Thanks a lot for your patch. I have not yet had the tim
Hello,
I made some more tests with PLAIN and LOGIN:
- require sasl_secprops with one of the following:
* none
* noanonymous
- slapd do not disable them when no TLS as I read
- slapd use saslauthd (with *-MD5, it use /etc/sasldb2 directly)
- PLAIN ask for optional authzid, not LOGIN
Here is my
Hello,
Here is my new patch:
- add cyrus SASL mechanisms to the list.
- ANONYMOUS disable SASL
- LOGIN, PLAIN and *-MD5 require bindpw and sasl_authcid
Note that LOGIN and PLAIN are restricted by OpenLDAP to TLS connections,
so I didn't test them.
I didn't test OTP too.
Regards.
--
Daniel Deh
Package: nslcd
Version: 0.7.6
Severity: wishlist
Hello,
Here is a patch to permit the configuration of SASL authentication with
debconf.
The configuration is limited to GSSAPI for now, I'll try to setup
saslauthd to look at other mechanism.
Regards.
-- System Information:
Debian Release: squee
21 matches
Mail list logo
