On Sun, 2020-03-29 at 20:15 -0400, Mark Reynolds wrote:
On 3/29/20 4:53 PM, William Brown wrote:
>
> > On 30 Mar 2020, at 06:29, Laurent GUERBY <laurent(a)guerby.net>
> > wrote:
> >
> > Hi,
> >
> > I installed 389-ds 1.4.0.21-1 on a debian 10 system.
> >
> > When I use cockpit in 389-ds tab I get "{'desc':
'Inappropriate
> > authentication', 'info': 'SASL EXTERNAL bind requires an SSL
> > connection'}" so I assume I must install a real certificate.
>
> That's probably not the cause here. More likely this is because the
> user cockpit is running as doesn't have access to the LDAPI socket.
> LDAPI uses SASL EXTERNAL so that the uid/gid can be checked and
> then mapped to directory server users. Are there cockpit logs of
> what commands it's trying to execute that you can check?
The server must have LDAPI configured (I hope you used dscreate to
create the instance and not setup-ds.pl), then you must log into
cockpit
using root or a user with sudo privileges.
Since the first 389-ds how to configure information I could find
mentionned setup-ds.pl I installed 389-ds-base-legacy-tools
which provides setup-ds.
I will reinstall with dscreate which is provided by python3-lib389
following :
https://www.port389.org/docs/389ds/howto/howto-install-389.html
Note : the LDAP "root_password" described above must it be be the
password of the "root" unix user or something different used only by
LDAP?
Second, 1.4.0 is dead and
has not been maintained in a very long time so the UI is probably
very
unstable in that version. Please use 389-ds-base-1.4.1 or higher.
I checked and the backport repo for debian 10 (buster) doesn't
have a more recent version than 1.4.0.
Is anyone maintaining a repository with a more recent version
than 1.4.0 for debian ?
ubuntu 18.04 has 1.3.7.10-1ubuntu1 which is even older.
Thanks in advance for your help,
Sincerely,
Laurent