On Mon, 2020-03-30 at 06:53 +1000, William Brown wrote:
> On 30 Mar 2020, at 06:29, Laurent GUERBY
<laurent(a)guerby.net>
> wrote:
>
> Hi,
>
> I installed 389-ds 1.4.0.21-1 on a debian 10 system.
>
> When I use cockpit in 389-ds tab I get "{'desc': 'Inappropriate
> authentication', 'info': 'SASL EXTERNAL bind requires an SSL
> connection'}" so I assume I must install a real certificate.
That's probably not the cause here. More likely this is because the
user cockpit is running as doesn't have access to the LDAPI socket.
LDAPI uses SASL EXTERNAL so that the uid/gid can be checked and then
mapped to directory server users. Are there cockpit logs of what
commands it's trying to execute that you can check?
Before I enabled LDAPI I had the following message in the web 389-ds
component :
{'desc': "Can't contact LDAP server", 'errno': 2,
'info': 'No such file
or directory'}
After I enabled LDAPI I got :
{'desc': 'Inappropriate authentication', 'info': 'SASL
EXTERNAL bind
requires an SSL connection'}
As for cockpit logs I went through lots of pages on
https://cockpit-pro
ject.org but could not find how to enable more verbose logs.
In the cockpit logs tab I just have generic information about
cockpit starting.
Thanks for your help,
Sincerely,
Laurent