* auto.master in ldap + simple bind
From: Ondrej Valousek @ 2009-01-16 14:54 UTC
To: autofs@linux.kernel.org

Hi all,
I am trying to configure autofs (RHEL 5.2) to gather all maps from
Active Directory using simple bind using proxy user.
I have already managed to configure the PADL nss switch to do so using this:

host 192.168.60.172
base dc=ad,dc=s3group,dc=cz
binddn cn=ldapproxy,cn=Users,dc=ad,dc=s3group,dc=cz
bindpw password

Now I am wondering how to do the same with the automounter. Does anyone
know?
I see lots of options on how to configure TLS or SASL, but I just need a
simple bind.
Many thanks,
Ondrej
* Re: auto.master in ldap + simple bind
From: Ian Kent @ 2009-01-16 16:12 UTC
To: Ondrej Valousek; +Cc: autofs@linux.kernel.org

On Fri, 2009-01-16 at 15:54 +0100, Ondrej Valousek wrote:
> Hi all,
> I am trying to configure autofs (RHEL 5.2) to gather all maps from
> Active Directory using simple bind using proxy user.
> I have already managed to configure the PADL nss switch to do so using this:
>
> host 192.168.60.172
> base dc=ad,dc=s3group,dc=cz
> binddn cn=ldapproxy,cn=Users,dc=ad,dc=s3group,dc=cz
> bindpw password
>
> Now I am wondering how to do the same with the automounter. Does anyone
> know?
> I see lots of options on how to configure TLS or SASL, but I just need a
> simple bind.

This might work.

authrequired="yes"
user="cn=ldapproxy,cn=Users,dc=ad,dc=s3group,dc=cz"
secret="password"

You might also need to play with authtype.

Ian
* Re: auto.master in ldap + simple bind
From: Ian Kent @ 2009-01-17 5:03 UTC
To: Ondrej Valousek; +Cc: autofs@linux.kernel.org

On Sat, 2009-01-17 at 01:12 +0900, Ian Kent wrote:
> On Fri, 2009-01-16 at 15:54 +0100, Ondrej Valousek wrote:
> > Hi all,
> > I am trying to configure autofs (RHEL 5.2) to gather all maps from
> > Active Directory using simple bind using proxy user.
> > I have already managed to configure the PADL nss switch to do so using this:
> >
> > host 192.168.60.172
> > base dc=ad,dc=s3group,dc=cz
> > binddn cn=ldapproxy,cn=Users,dc=ad,dc=s3group,dc=cz
> > bindpw password
> >
> > Now I am wondering how to do the same with the automounter. Does anyone
> > know?
> > I see lots of options on how to configure TLS or SASL, but I just need a
> > simple bind.
>
> This might work.
>
> authrequired="yes"
> user="cn=ldapproxy,cn=Users,dc=ad,dc=s3group,dc=cz"
> secret="password"
>
> You might also need to play with authtype.

Of course that's contained in /etc/autofs_ldap_auth.conf

> Ian
* Re: auto.master in ldap + simple bind
From: webserv @ 2009-01-18 19:01 UTC
To: Ian Kent; +Cc: autofs@linux.kernel.org

Hi Ian,
I tried that already, also played with several authtypes and still no joy.
So I enabled autofs debugging and saw that no matter what I try,
automounter tries to bind anonymously - that fails with AD. I need to bind
using the proxy user...
Thanks,
Ondrej
* Re: auto.master in ldap + simple bind
From: Ian Kent @ 2009-01-19 2:42 UTC
To: webserv; +Cc: autofs@linux.kernel.org

On Sun, 2009-01-18 at 19:01 +0000, webserv@s3group.com wrote:
> Hi Ian,
> I tried that already, also played with several authtypes and still no joy.
> So I enabled autofs debugging and saw that no matter what I try,
> automounter tries to bind anonymously - that fails with AD. I need to bind
> using the proxy user...

Show us the logs.
* Re: auto.master in ldap + simple bind
From: Ondrej Valousek @ 2009-01-19 11:26 UTC
To: Ian Kent; +Cc: autofs@linux.kernel.org

> Show us the logs.

Hi Ian,
I did some digging around and found this:
1. autofs 5 as shipped with RHEL 5.2 does not seem to support simple bind
   (i.e. something like ldapsearch -x .....) to a LDAP server not supporting
   anonymous access - like Active Directory (note for the record: Autofs 4
   does only support anonymous ldap server)
2. The only other thing autofs 5 can do is various SASL authentication
   schemes (GSSAPI, PLAIN,.....).
3. Active Directory can do SASL and the common mechanisms that both can do
   is GSSAPI and DIGEST-MD5.
4. I tried with DIGEST-MD5:

[root@dorado_v1 etc]# cat /etc/sysconfig/autofs
LDAP_URI="ldap://WIN-UG29HR9IEGY"
SEARCH_BASE="cn=praguetest,cn=prague,dc=ad,dc=s3group,dc=cz"
....

[root@dorado_v1 etc]# cat /etc/autofs_ldap_auth.conf
<autofs_ldap_sasl_conf
        usetls="no"
        tlsrequired="no"
        authrequired="yes"
        authtype="DIGEST-MD5"
        user="ldapproxy"
        secret="1234proxy$"
/>

Verified with ldapsearch its functionality:

[root@dorado_v1 etc]# ldapsearch -H ldap://WIN-UG29HR9IEGY -Y DIGEST-MD5 -U ldapproxy -w 1234proxy$ -b "cn=praguetest,cn=prague,dc=ad,dc=s3group,dc=cz" objectClass=nisMap
SASL/DIGEST-MD5 authentication started
SASL username: ldapproxy
SASL SSF: 128
SASL installing layers
# extended LDIF
#
# LDAPv3
# base <cn=praguetest,cn=prague,dc=ad,dc=s3group,dc=cz> with scope subtree
# filter: objectClass=nisMap
# requesting: ALL
#

# auto.master, praguetest, prague, ad.s3group.cz
dn: CN=auto.master,CN=praguetest,CN=prague,DC=ad,DC=s3group,DC=cz
objectClass: top
objectClass: nisMap
cn: auto.master
distinguishedName: CN=auto.master,CN=praguetest,CN=prague,DC=ad,DC=s3group,DC=
 cz
instanceType: 4
whenCreated: 20090116124656.0Z
whenChanged: 20090116124656.0Z
uSNCreated: 20610
uSNChanged: 20610
showInAdvancedViewOnly: TRUE
name: auto.master
objectGUID:: 2T1wg8oG70G3VpHKlieoWQ==
objectCategory: CN=NisMap,CN=Schema,CN=Configuration,DC=ad,DC=s3group,DC=cz
dSCorePropagationData: 16010101000000.0Z
nisMapName: auto.master
....

eheeej should work with the automounter, ok? But it does not:

Jan 19 11:55:41 dorado_v1 automount[22886]: Starting automounter version 5.0.1-0.rc2.88.el5_2.1, master map auto.master
Jan 19 11:55:41 dorado_v1 automount[22886]: using kernel protocol version 5.00
Jan 19 11:55:41 dorado_v1 automount[22886]: lookup_nss_read_master: reading master files auto.master
Jan 19 11:55:41 dorado_v1 automount[22886]: parse_init: parse(sun): init gathered global options: (null)
Jan 19 11:55:41 dorado_v1 automount[22886]: lookup_read_master: lookup(file): read entry /misc
Jan 19 11:55:41 dorado_v1 automount[22886]: lookup_read_master: lookup(file): read entry /net
Jan 19 11:55:41 dorado_v1 automount[22886]: lookup_read_master: lookup(file): read entry +auto.master
Jan 19 11:55:41 dorado_v1 automount[22886]: lookup_nss_read_master: reading master files auto.master
Jan 19 11:55:41 dorado_v1 automount[22886]: parse_init: parse(sun): init gathered global options: (null)
Jan 19 11:55:41 dorado_v1 automount[22886]: lookup_nss_read_master: reading master ldap auto.master
Jan 19 11:55:41 dorado_v1 automount[22886]: parse_server_string: lookup(ldap): Attempting to parse LDAP information from string "auto.master".
Jan 19 11:55:41 dorado_v1 automount[22886]: parse_server_string: lookup(ldap): mapname auto.master
Jan 19 11:55:41 dorado_v1 automount[22886]: parse_ldap_config: lookup(ldap): ldap authentication configured with the following options:
Jan 19 11:55:41 dorado_v1 automount[22886]: parse_ldap_config: lookup(ldap): use_tls: 0, tls_required: 0, auth_required: 2, sasl_mech: DIGEST-MD5
Jan 19 11:55:41 dorado_v1 automount[22886]: parse_ldap_config: lookup(ldap): user: ldapproxy, secret: specified, client principal: (null) credential cache: (null)
Jan 19 11:55:41 dorado_v1 automount[22886]: find_server: trying server ldap://WIN-UG29HR9IEGY
Jan 19 11:55:41 dorado_v1 automount[22886]: sasl_bind_mech: Attempting sasl bind with mechanism DIGEST-MD5
Jan 19 11:55:41 dorado_v1 automount[22886]: sasl_log_func: DIGEST-MD5 client step 2
Jan 19 11:55:41 dorado_v1 automount[22886]: getuser_func: called with context (nil), id 16386.
Jan 19 11:55:41 dorado_v1 automount[22886]: getuser_func: called with context (nil), id 16385.
Jan 19 11:55:41 dorado_v1 automount[22886]: getpass_func: context (nil), id 16388
Jan 19 11:55:41 dorado_v1 automount[22886]: sasl_log_func: DIGEST-MD5 client step 3
Jan 19 11:55:41 dorado_v1 automount[22886]: sasl_bind_mech: sasl bind with mechanism DIGEST-MD5 succeeded
Jan 19 11:55:41 dorado_v1 automount[22886]: do_bind: lookup(ldap): auth_required: 2, sasl_mech DIGEST-MD5
Jan 19 11:55:41 dorado_v1 automount[22886]: sasl_bind_mech: Attempting sasl bind with mechanism DIGEST-MD5
Jan 19 11:55:41 dorado_v1 automount[22886]: sasl_log_func: DIGEST-MD5 client step 1
Jan 19 11:55:41 dorado_v1 automount[22886]: getuser_func: called with context (nil), id 16386.
Jan 19 11:55:41 dorado_v1 automount[22886]: getuser_func: called with context (nil), id 16385.
Jan 19 11:55:41 dorado_v1 automount[22886]: getpass_func: context (nil), id 16388
Jan 19 11:55:41 dorado_v1 automount[22886]: Error parsing response to sasl_bind request: Invalid credentials.
Jan 19 11:55:41 dorado_v1 automount[22886]: The LDAP server indicated that the LDAP SASL bind was incomplete, but did not provide the required data to proceed. LDAP SASL bind with mechanism DIGEST-MD5 failed.
Jan 19 11:55:41 dorado_v1 automount[22886]: sasl bind with mechanism DIGEST-MD5 failed
Jan 19 11:55:41 dorado_v1 automount[22886]: do_bind: lookup(ldap): autofs_sasl_bind returned -1
Jan 19 11:55:41 dorado_v1 automount[22886]: connect_to_server: lookup(ldap): cannot bind to server
Jan 19 11:55:41 dorado_v1 automount[22886]: lookup_init: lookup(ldap): failed to find available server

Now tell me - it looks good at the beginning, but then something goes
wrong...
Please advise...
Thanks,
Ondrej
* Re: auto.master in ldap + simple bind
From: Ondrej Valousek @ 2009-01-21 9:36 UTC
Cc: autofs@linux.kernel.org

There is something rotten in the lookup_ldap.c but I can not point my
finger on it.
Things go bad in the lookup_init() function:

5 4.389459 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(1) "<ROOT>" sasl
6 4.390383 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(1) saslBindInProgress
7 4.390396 192.168.60.171 -> 192.168.60.172 TCP 39957 > ldap [ACK] Seq=27 Ack=218 Win=6912 Len=0 TSV=17330479 TSER=592592279
8 4.390846 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(2) "<ROOT>" sasl
9 4.392733 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(2) success
10 4.393095 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(3) "<ROOT>" sasl
11 4.394062 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(3) invalidCredentials (00090313: LdapErr: DSID-0C0904D1, comment: AcceptSecurityContext error, data 0, v1771)
12 4.394188 192.168.60.171 -> 192.168.60.172 LDAP unbindRequest(4)

Packet 8,9 - we connect to the server to verify the authentication
mechanism, but then we should drop the connection - line 1286 - call to
ldap_unbind_connection(). But this never happens according to the
tcpdump. Instead, another bind follows and fails. The question is now:
1. Why is there no unbindRequest packet? In general, I see 3 bind
   requests but only one unbindrequest....
2. Why the second bindRequest fails and the first one succeeds?

I do not want to be too picky, but Windows Server 2008 is the first
server OS from MS to support RFC2307 LDAP schema so I believe we should
be able to connect to it. I have opened a case #1887566 with RedHat
regarding this....
Ondrej
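[Added example, not part of the thread and not autofs code.] The bind sequence in the capture above can be checked mechanically: this sketch parses the packet summaries quoted in the message and flags a new bindRequest on a session that has already bound successfully, plus any failed bind. It assumes tshark one-line summaries in the shape quoted above and, because those lines carry no TCP ports, treats each host pair as one LDAP session until an unbindRequest; the function names are illustrative.

```python
import re

# Packet summaries copied from the capture in the message above, rejoined to
# one packet per line (the e-mail had wrapped them).
CAPTURE = """\
5 4.389459 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(1) "<ROOT>" sasl
6 4.390383 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(1) saslBindInProgress
7 4.390396 192.168.60.171 -> 192.168.60.172 TCP 39957 > ldap [ACK] Seq=27 Ack=218 Win=6912 Len=0 TSV=17330479 TSER=592592279
8 4.390846 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(2) "<ROOT>" sasl
9 4.392733 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(2) success
10 4.393095 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(3) "<ROOT>" sasl
11 4.394062 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(3) invalidCredentials (00090313: LdapErr: DSID-0C0904D1, comment: AcceptSecurityContext error, data 0, v1771)
12 4.394188 192.168.60.171 -> 192.168.60.172 LDAP unbindRequest(4)
"""

# Assumed input shape: "<no> <time> <src> -> <dst> LDAP <op>(<msgid>) <detail>"
LDAP_LINE = re.compile(
    r"^\s*(\d+)\s+[\d.]+\s+(\S+)\s+->\s+(\S+)\s+LDAP\s+"
    r"(bindRequest|bindResponse|unbindRequest)\((\d+)\)\s*(\S*)"
)


def parse_ldap_events(capture):
    """Return (packet_no, src, dst, op, msgid, detail) for LDAP bind/unbind lines."""
    events = []
    for line in capture.splitlines():
        m = LDAP_LINE.match(line)
        if m:  # TCP ACKs and other non-LDAP summaries are skipped
            no, src, dst, op, msgid, detail = m.groups()
            events.append((int(no), src, dst, op, int(msgid), detail))
    return events


def audit_bind_sequence(events):
    """Track bind state per host pair and flag the anomalies seen in the thread.

    Assumption: one LDAP session per host pair until an unbindRequest,
    since the summaries do not show ports on the LDAP lines.
    """
    state = {}  # frozenset({a, b}) -> "anonymous" | "negotiating" | "bound"
    report = {"bind_requests": 0, "unbind_requests": 0, "findings": []}
    for no, src, dst, op, msgid, detail in events:
        pair = frozenset((src, dst))
        current = state.get(pair, "anonymous")
        if op == "bindRequest":
            report["bind_requests"] += 1
            if current == "bound":
                # A fresh bind on a session that already authenticated.
                report["findings"].append(("rebind_after_success", no, msgid))
        elif op == "bindResponse":
            if detail == "saslBindInProgress":
                state[pair] = "negotiating"  # multi-step SASL exchange continues
            elif detail == "success":
                state[pair] = "bound"
            else:
                state[pair] = "anonymous"  # a failed bind leaves no identity
                report["findings"].append(("bind_failed", no, msgid, detail))
        elif op == "unbindRequest":
            report["unbind_requests"] += 1
            state.pop(pair, None)
    return report


if __name__ == "__main__":
    result = audit_bind_sequence(parse_ldap_events(CAPTURE))
    print(result["bind_requests"], "binds,", result["unbind_requests"], "unbinds")
    for finding in result["findings"]:
        print(finding)
```
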
* Re: auto.master in ldap + simple bind
From: Ian Kent @ 2009-01-21 13:03 UTC
To: Ondrej Valousek; +Cc: autofs@linux.kernel.org

On Wed, 2009-01-21 at 10:36 +0100, Ondrej Valousek wrote:
> There is something rotten in the lookup_ldap.c but I can not point my
> finger on it.
> Things go bad in the lookup_init() function:
> 5 4.389459 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(1) "<ROOT>" sasl
> 6 4.390383 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(1) saslBindInProgress
> 7 4.390396 192.168.60.171 -> 192.168.60.172 TCP 39957 > ldap [ACK] Seq=27 Ack=218 Win=6912 Len=0 TSV=17330479 TSER=592592279
> 8 4.390846 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(2) "<ROOT>" sasl
> 9 4.392733 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(2) success
> 10 4.393095 192.168.60.171 -> 192.168.60.172 LDAP bindRequest(3) "<ROOT>" sasl
> 11 4.394062 192.168.60.172 -> 192.168.60.171 LDAP bindResponse(3) invalidCredentials (00090313: LdapErr: DSID-0C0904D1, comment: AcceptSecurityContext error, data 0, v1771)
> 12 4.394188 192.168.60.171 -> 192.168.60.172 LDAP unbindRequest(4)
>
> Packet 8,9 - we connect to the server to verify the authentication
> mechanism, but then we should drop the connection - line 1286 - call to
> ldap_unbind_connection(). But this never happens according to the
> tcpdump. Instead, another bind follows and fails. The question is now:
> 1. Why is there no unbindRequest packet? In general, I see 3 bind
> requests but only one unbindrequest....
> 2. Why the second bindRequest fails and the first one succeeds?
>
> I do not want to be too picky, but Windows Server 2008 is the first
> server OS from MS to support RFC2307 LDAP schema so I believe we should
> be able to connect to it. I have opened a case #1887566 with RedHat
> regarding this....

Have you tried GSSAPI, doesn't Windows require Kerberos auth by default?
Are you sure that the Windows server is allowing simple binds (that was
what you wanted right)?

Ian
* Re: auto.master in ldap + simple bind
From: Ondrej Valousek @ 2009-01-21 13:11 UTC
To: Ian Kent; +Cc: autofs@linux.kernel.org

Ian,
To recap:
Win2k8 comes with RFC2307 compliance so I wanted to try to connect
autofs (all maps) to it.
I did not want to play with GSSAPI - it is too complicated. But neither
I wanted simple anonymous bind - too insecure. So I see Win2k8 supports
SASL/DIGEST-MD5, verified with ldapsearch that it works, I also see
autofs5 supports it - so I wanted to use it.
Unfortunately it is broken at the autofs side (see my previous post).
Ondrej

> Have you tried GSSAPI, doesn't Windows require Kerberos auth by default?
> Are you sure that the Windows server is allowing simple binds (that was
> what you wanted right)?
>
> Ian
* Re: auto.master in ldap + simple bind
From: Ian Kent @ 2009-01-21 13:22 UTC
To: Ondrej Valousek; +Cc: autofs@linux.kernel.org

On Wed, 2009-01-21 at 14:11 +0100, Ondrej Valousek wrote:
> Ian,
> To recap:
> Win2k8 comes with RFC2307 compliance so I wanted to try to connect
> autofs (all maps) to it.
> I did not want to play with GSSAPI - it is too complicated. But neither
> I wanted simple anonymous bind - too insecure. So I see Win2k8 supports
> SASL/DIGEST-MD5, verified with ldapsearch that it works, I also see
> autofs5 supports it - so I wanted to use it.
> Unfortunately it is broken at the autofs side (see my previous post).

What is the actual SASL user dn?
Does your ldapsearch work without the -b option?
* Re: auto.master in ldap + simple bind
From: Ondrej Valousek @ 2009-01-21 13:29 UTC
To: Ian Kent; +Cc: autofs@linux.kernel.org

> What is the actual SASL user dn?
> Does your ldapsearch work without the -b option?

With SASL, we do not talk about user DN, we talk about authentication ID
for SASL bind instead.
This is an example of ldapsearch that works for me against Win2k8:

ldapsearch -H ldap://192.168.60.172 -Y DIGEST-MD5 -U "ldapproxy" -w 1234proxy$ -b "cn=praguetest,cn=prague,dc=ad,dc=s3group,dc=cz" objectClass=* cn objectClass nisMapName nisMapEntry
* Re: auto.master in ldap + simple bind
From: Ian Kent @ 2009-01-21 13:49 UTC
To: Ondrej Valousek; +Cc: autofs@linux.kernel.org

On Wed, 2009-01-21 at 14:29 +0100, Ondrej Valousek wrote:
> > What is the actual SASL user dn?
> > Does your ldapsearch work without the -b option?
>
> With SASL, we do not talk about user DN, we talk about authentication ID
> for SASL bind instead.
> This is an example of ldapsearch that works for me against Win2k8:
> ldapsearch -H ldap://192.168.60.172 -Y DIGEST-MD5 -U "ldapproxy" -w
> 1234proxy$ -b "cn=praguetest,cn=prague,dc=ad,dc=s3group,dc=cz"
> objectClass=* cn objectClass nisMapName nisMapEntry

I know but what happens to the authentication attempt if you do not
specify the -b option.
* Re: auto.master in ldap + simple bind
From: Ondrej Valousek @ 2009-01-21 13:52 UTC
To: Ian Kent; +Cc: autofs@linux.kernel.org

I do not know what you are after. The -b option is of no significance for
the authentication process. Anyway - it works without it, too (just tried).
Ondrej

> I know but what happens to the authentication attempt if you do not
> specify the -b option.
* Re: auto.master in ldap + simple bind
From: Ian Kent @ 2009-01-21 15:51 UTC
To: Ondrej Valousek; +Cc: autofs@linux.kernel.org

On Wed, 2009-01-21 at 14:52 +0100, Ondrej Valousek wrote:
> I do not know what you are after. The -b option is of no significance for
> the authentication process. Anyway - it works without it, too (just tried).

OK, I'll setup SASL and see what happens but I don't really know what is
needed for it to be like an AD connection. But maybe I've broken the
auth in some way over time.