How do I configure the directory to work with SASL? Any descriptions somewhere, I noticed several comments on the list hinting that I have missed some existing documentation besides the manuals and googling.
I don't really care what setup, I just want to be able to authenticate against the directory somehow.
Henrik
devel - Fashion Content wrote:
How do I configure the directory to work with SASL? Any descriptions somewhere, I noticed several comments on the list hinting that I have missed some existing documentation besides the manuals and googling.
Did you have a chance to see these docs? http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#996824 http://directory.fedora.redhat.com/wiki/Howto:Kerberos
Thanks, --noriko
I don't really care what setup, I just want to be able to authenticate against the directory somehow.
Henrik
-- Fedora-directory-users mailing list Fedora-directory-users@redhat.com https://www.redhat.com/mailman/listinfo/fedora-directory-users
From: "Noriko Hosoi" nhosoi@redhat.com
How do I configure the directory to work with SASL? Any descriptions somewhere, I noticed several comments on the list hinting that I have missed some existing documentation besides the manuals and googling.
Did you have a chance to see these docs? http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#996824 http://directory.fedora.redhat.com/wiki/Howto:Kerberos
Interesting, but isn't it more prudent to get the simplest configuration working first?
Or is getting cyrus-sasl to work difficult?
I currently see a potential conflict between open ldap client + cyrus-sasl vs Fedora ldap + sasl.
I'm not sure to what extent there actually is a conflict, but it's definitely confusing.
Henrik
devel - Fashion Content wrote:
From: "Noriko Hosoi" nhosoi@redhat.com
How do I configure the directory to work with SASL? Any descriptions somewhere, I noticed several comments on the list hinting that I have missed some existing documentation besides the manuals and googling.
Did you have a chance to see these docs? http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#996824 http://directory.fedora.redhat.com/wiki/Howto:Kerberos
Interesting, but isn't it more prudent to get the simplest configuration working first?
Or is getting cyrus-sasl to work difficult?
I currently see a potential conflict between open ldap client + cyrus-sasl vs Fedora ldap + sasl.
I'm not sure to what extent there actually is a conflict, but it's definitely confusing.
What symptom do you have? Do you get error messages from your client tools? Do you see any errors in the errors log and/or access log in the Fedora Directory Server?
BTW, Fedora DS uses cyrus sasl v2.1.20.
--noriko
Henrik
From: "Noriko Hosoi" nhosoi@redhat.com
I currently see a potential conflict between open ldap client + cyrus-sasl vs Fedora ldap + sasl.
I'm not sure to what extent there actually is a conflict, but it's definitely confusing.
What symptom do you have? Do you get error messages from your client tools? Do you see any errors in the errors log and/or access log in the Fedora Directory Server?
OpenLDAP ldapsearch: Shows userPassword results hashed, but otherwise shows the users I look up
OpenLDAP ldapsearch userPassword=secret: Success
Fedora ldapsearch: Fails to find anything
testsaslauthd -u devel -p secret: Fails to find anything, error code 32 I think
I haven't figured out how to make saslauthd report the ldap queries, so I know very little of what happens and the Fedora logs don't appear to help much more.
BTW, Fedora DS uses cyrus sasl v2.1.20.
Interesting. I have installed cyrus sasl using yum. Will that be another installation than the one Fedora DS uses? Will it use different conf files?
I wouldn't be at all surprised if the problem is down to me configuring the wrong ldap+sasl combination.
Henrik
devel - Fashion Content wrote:
[...]
OpenLDAP ldapsearch: Shows userPassword results hashed, but otherwise shows the users I look up
OpenLDAP ldapsearch userPassword=secret: Success
Fedora ldapsearch: Fails to find anything
??? Users are not stored in the Fedora DS? Or auth as the user with the password fails and does not return anything?
If you run this command, what mechanism list do you get? Is the mechanism you are trying to use on the list?
$ cd /opt/fedora-ds/shared/bin
$ ./ldapsearch -p <your_port> -D <directory_manager> -w <directory_manager_passwd> -b "" -s base "(objectclass=*)" supportedSASLMechanisms
version: 1
dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
testsaslauthd -u devel -p secret: Fails to find anything, error code 32 I think
I haven't figured out how to make saslauthd report the ldap queries, so I know very little of what happens and the Fedora logs don't appear to help much more.
BTW, Fedora DS uses cyrus sasl v2.1.20.
Interesting. I have installed cyrus sasl using yum. Will that be another installation than the one Fedora DS uses? Will it use different conf files?
I wouldn't be at all surprised if the problem is down to me configuring the wrong ldap+sasl combination.
Henrik
389-users@lists.fedoraproject.org
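The root DSE check suggested in the last reply, turned into a script that parses the ldapsearch output and tests whether a given SASL mechanism is offered. This is an added example, not part of the original thread: the function names are hypothetical, and the sample input is constructed from the output quoted in the thread.

```shell
#!/bin/sh
# Added example: parse root DSE LDIF and check for a SASL mechanism.

# Constructed sample: the supportedSASLMechanisms output quoted in the thread.
sample_rootdse() {
cat <<'EOF'
version: 1
dn:
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: DIGEST-MD5
EOF
}

# Print one offered mechanism per line, upper-cased and de-duplicated.
# LDAP attribute names are case-insensitive; CR is stripped for CRLF output.
offered_mechs() {
    tr -d '\r' |
    awk -F': *' 'tolower($1) == "supportedsaslmechanisms" && $2 != "" { print toupper($2) }' |
    sort -u
}

# Exit 0 if mechanism $1 appears in the LDIF on stdin, 1 otherwise.
mech_offered() {
    offered_mechs | grep -qxF -- "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')"
}

# Short note on what each mechanism from the thread's list relies on.
mech_note() {
    case "$1" in
        PLAIN)               echo "password sent as-is; use only over TLS" ;;
        ANONYMOUS)           echo "no authenticated identity" ;;
        EXTERNAL)            echo "identity from outside SASL, e.g. a TLS client certificate" ;;
        GSSAPI)              echo "Kerberos 5" ;;
        CRAM-MD5|DIGEST-MD5) echo "MD5 challenge-response" ;;
        *)                   echo "not classified here" ;;
    esac
}

# Report every offered mechanism with its note.
report() {
    offered_mechs | while IFS= read -r m; do
        printf '%-12s %s\n' "$m" "$(mech_note "$m")"
    done
}

sample_rootdse | report
```

Against a live server, pipe the real `ldapsearch ... supportedSASLMechanisms` output into `mech_offered GSSAPI` (or `report`) in place of `sample_rootdse`.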