OK, so here is some progress.
I manually added my username and password in
/etc/dirsrv/admin-serv/admpw using the htpasswd command.
If I put cn=<username>, I get LDAP error 32: No such object in the
admin server error log,
but if I just put my username in, it finds the entry and I get a
different error, LDAP error 48: Inappropriate authentication.
This is making me wonder if saslauthd may help.
On Wed, Mar 11, 2015 at 2:34 PM, Paul Robert Marino <prmarino1(a)gmail.com> wrote:
I know it will probably be a little more complex than that, but I
think it logically should be one of the steps,
although it doesn't explain how "cn=Directory Manager" works.
But it makes a lot of sense when you see the 401 error from the login
attempt: it comes from the directory specified by
"
<Location /admin-serv/authenticate>
SetHandler user-auth
AuthUserFile /etc/dirsrv/admin-serv/admpw
AuthType basic
AuthName "Admin Server"
Require valid-user
Order allow,deny
Allow from all
</Location>
"
in /etc/dirsrv/admin-serv/admserv.conf
On Wed, Mar 11, 2015 at 2:13 PM, Rich Megginson <rmeggins(a)redhat.com> wrote:
> On 03/11/2015 11:54 AM, Paul Robert Marino wrote:
>>
>> Hey everyone,
>> I have a question. I know at least once in the past I set up the admin
>> console so it could utilize Kerberos passwords, based on a howto I
>> found once which, after I changed jobs, I could never find again.
>>
>> Today I was looking for something else and I saw a mention on the site
>> about httpd needing to be compiled with http auth support.
>> Well, I did a little digging and I found this file:
>> /etc/dirsrv/admin-serv/admserv.conf
>>
>> In that file I found a lot of entries that look like this:
>> "
>> <LocationMatch /*/[tT]asks/[Cc]onfiguration/*>
>> AuthUserFile /etc/dirsrv/admin-serv/admpw
>> AuthType basic
>> AuthName "Admin Server"
>> Require valid-user
>> AdminSDK on
>> ADMCgiBinDir /usr/lib64/dirsrv/cgi-bin
>> NESCompatEnv on
>> Options +ExecCGI
>> Order allow,deny
>> Allow from all
>> </LocationMatch>
>>
>> "
>> When I checked /etc/dirsrv/admin-serv/admpw, sure enough I found the
>> password hash for the admin user.
>>
>> So my question is, before I waste time experimenting, could it possibly
>> be as simple as changing the auth type to Kerberos?
>>
>> http://modauthkerb.sourceforge.net/configure.html
>
>
> I don't know. I don't think anyone has ever tried it.
>
>> Keep in mind my Kerberos servers do not use LDAP as the backend.
>> --
>> 389 users mailing list
>> 389-users(a)lists.fedoraproject.org
>>
>> https://admin.fedoraproject.org/mailman/listinfo/389-users