[Ltb-users] Help - Pass-Through authentication with SASL

Martin Toth snowmailer at gmail.com
Sun Jan 13 16:26:45 CET 2019


Hi all,

I just installed the LTB package for Debian on Ubuntu from the LTB repo, but it does not work either. The logs show the same behaviour: I cannot see the BaseDN - endless fetching.
This is from syslog (repeating):

Jan 13 09:20:42 mysql2 slapd[12912]: conn=1013 fd=41 ACCEPT from IP=[::1]:54728 (IP=[::]:389)
Jan 13 09:20:42 mysql2 slapd[12912]: conn=1013 op=0 BIND dn="" method=128
Jan 13 09:20:42 mysql2 slapd[12912]: conn=1013 op=0 RESULT tag=97 err=0 text=
Jan 13 09:20:42 mysql2 slapd[12912]: conn=1013 op=1 SRCH base="cn=admin,dc=all" scope=0 deref=3 filter="(objectClass=*)"
Jan 13 09:20:42 mysql2 slapd[12912]: conn=1013 op=1 SRCH attr=hasSubordinates objectClass

It’s a default installation with only one modification, to /usr/local/openldap/etc/openldap/slapd.conf, where I’ve added:

database        ldap
suffix          "cn=admin,dc=all"
rootdn          "cn=admin,dc=all"
rootpw         "password"

database ldap
suffix "ou=domain.com,dc=all"
uri ldap://IPADDRESSofActiveDirectory
idassert-bind bindmethod=simple
	binddn="CN=bind,CN=Users,DC=real,DC=suffix"
	credentials="password"
	mode=none
	flags=non-prescriptive
idassert-authzFrom      "dn.exact:cn=admin,dc=all"

overlay rwm
rwm-suffixmassage "ou=domain.com,dc=all" "dc=real,dc=suffix"

I can’t understand where the problem is. Thanks in advance for your help.

BR.
Martin


> On 13 Jan 2019, at 15:36, Martin Toth <snowmailer at gmail.com> wrote:
> 
> Hi there,
> 
> I am trying to implement Pass-Through authentication with SASL and I am using https://ltb-project.org/documentation/general/sasl_delegation as an example.
> Is it possible that this manual does not work with the slapd package from default Ubuntu?
> 
> So far everything is working except the last part (pasted below), when I am changing the meta backend for ldap.
> When I switch backends I can’t see dc=local BaseDN and so on.
> 
> Can someone explain please or point me where the problem could be?
> 
> Thanks, BR!
> Martin
> 
> # Database LDAP for local Manager authentication
> database ldap
> suffix "cn=manager,dc=local"
> rootdn "cn=manager,dc=local"
> rootpw secret
> 
> # Database LDAP for LDAP 1
> database        ldap
> suffix          "ou=LDAP1,dc=local"
> 
> uri ldap://ldap1.example.com
> 
> idassert-bind bindmethod=simple
>    binddn="cn=admin,dc=example1,dc=com"
>    credentials="secret"
>    mode=none
>    flags=non-prescriptive
> idassert-authzFrom "dn.exact:cn=Manager,dc=local"
> 
> overlay rwm
> rwm-suffixmassage   "ou=LDAP1,dc=local" "dc=example,dc=com"
> 
> # Database LDAP for LDAP 2
> database        ldap
> suffix          "ou=LDAP1,dc=local"
> 
> uri  ldap://ldap2.example.com
> 
> idassert-bind bindmethod=simple
>   binddn="cn=admin,dc=example2,dc=com"
>   credentials="secret"
>   mode=none
>   flags=non-prescriptive
> idassert-authzFrom "dn.exact:cn=Manager,dc=local"
> 
> overlay rwm
> rwm-suffixmassage   "ou=LDAP1,dc=local" "dc=example,dc=com"
> 
> # Example of rwm configuration for Active Directory
> rwm-map attribute uid sAMAccountName
> rwm-map attribute * *
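
The syslog excerpt in the message above shows a SRCH on conn=1013, accepted from [::1], with no SEARCH RESULT line after it. As an added example (not part of the original post, nor LTB or OpenLDAP code), this Python script pairs each SRCH with its SEARCH RESULT and lists the searches left open; the sample lines and the function names are constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample in slapd's stats log format (same shape as the excerpt above).
SAMPLE_LOG = '''\
Jan 13 09:20:42 host slapd[100]: conn=1 fd=12 ACCEPT from IP=[::1]:50000 (IP=[::]:389)
Jan 13 09:20:42 host slapd[100]: conn=1 op=0 BIND dn="" method=128
Jan 13 09:20:42 host slapd[100]: conn=1 op=0 RESULT tag=97 err=0 text=
Jan 13 09:20:42 host slapd[100]: conn=1 op=1 SRCH base="cn=admin,dc=all" scope=0 deref=3 filter="(objectClass=*)"
Jan 13 09:20:42 host slapd[100]: conn=1 op=1 SRCH attr=hasSubordinates objectClass
Jan 13 09:20:43 host slapd[100]: conn=2 fd=13 ACCEPT from IP=192.0.2.10:40000 (IP=0.0.0.0:389)
Jan 13 09:20:43 host slapd[100]: conn=2 op=0 SRCH base="dc=example" scope=2 deref=0 filter="(uid=a)"
Jan 13 09:20:43 host slapd[100]: conn=2 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
'''

ACCEPT = re.compile(r'conn=(\d+) fd=\d+ ACCEPT from IP=(\S+)')
# Matches the "SRCH base=..." line and the closing "SEARCH RESULT" line;
# the "SRCH attr=..." continuation line is deliberately not matched.
OP = re.compile(r'conn=(\d+) op=(\d+) (SRCH base="([^"]*)"|SEARCH RESULT)')

def open_searches(log_text):
    """Return [(conn, op, base, peer)] for searches that never logged SEARCH RESULT."""
    peers = {}                 # conn id -> client address from the ACCEPT line
    pending = OrderedDict()    # (conn, op) -> search base, until a result is seen
    for line in log_text.splitlines():
        m = ACCEPT.search(line)
        if m:
            peers[m.group(1)] = m.group(2)
            continue
        m = OP.search(line)
        if not m:
            continue
        key = (m.group(1), m.group(2))
        if m.group(3) == "SEARCH RESULT":
            pending.pop(key, None)
        else:
            pending[key] = m.group(4)
    return [(c, o, base, peers.get(c, "?")) for (c, o), base in pending.items()]

def is_loopback(peer):
    """True when the client is a process on the slapd host itself."""
    return peer.startswith("[::1]:") or peer.startswith("127.")

if __name__ == "__main__":
    for conn, op, base, peer in open_searches(SAMPLE_LOG):
        origin = "loopback" if is_loopback(peer) else "remote"
        print(f"conn={conn} op={op} base={base!r} from {peer} ({origin}): no SEARCH RESULT")
```

Run against the real syslog, the output shows which search bases never complete and whether the client connections originate on the slapd host itself.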
