[RADIATOR] LDAP2 and SASL EXTERNAL authentication
Dubravko Penezic
dpenezic at srce.hr
Tue Oct 1 08:22:23 UTC 2019
Hi,
I am trying to use the SASL EXTERNAL mechanism to connect to an OpenLDAP server
(authentication is done by UID/GID; on the command line it looks like this:
<ldapcommand> -Y EXTERNAL -h ldapi:/// )
My auth handler looks like this:
<Handler>
Identifier H-authus
RewriteUsername s/^([^@]+).*/$1/
<AuthBy LDAP2>
Host localhost
UseSASL
SASLMechanism EXTERNAL
BaseDN %0=%1,dc=pero,dc=hr
Scope base
UsernameAttr uid
ServerChecksPassword
UnbindAfterServerChecksPassword
AuthenProto PAP
</AuthBy>
AuthLog authlogfile
</Handler>
The RADIATOR log shows the following:
3755cda0 Tue Oct 1 10:11:49 2019 116427: DEBUG: Handling request with Handler '', Identifier 'H-authus'
3755cda0 Tue Oct 1 10:11:49 2019 116576: DEBUG: Rewrote user name to dpenezic
3755cda0 Tue Oct 1 10:11:49 2019 116688: DEBUG: SessINTERNAL: Deleting session for dpenezic at pero.hr, 161.53.254.10, 12
3755cda0 Tue Oct 1 10:11:49 2019 116746: DEBUG: Handling with Radius::AuthLDAP2:
00000000 Tue Oct 1 10:11:49 2019 116869: INFO: Connecting to localhost:389
00000000 Tue Oct 1 10:11:49 2019 117474: INFO: Connected to localhost:389
00000000 Tue Oct 1 10:11:49 2019 117626: INFO: Attempting to bind to LDAP server localhost:389
00000000 Tue Oct 1 10:11:49 2019 118623: ERR: Could not bind connection with , **obscured**, error: LDAP_STRONG_AUTH_NOT_SUPPORTED (server localhost:389). SASL error:
00000000 Tue Oct 1 10:11:49 2019 118728: ERR: Backing off from localhost:389 for 600 seconds.
3755cda0 Tue Oct 1 10:11:49 2019 118895: DEBUG: AuthBy LDAP2 result: IGNORE, User database access error
3755cda0 Tue Oct 1 10:11:49 2019 118956: DEBUG: Access ignored for dpenezic: User database access error
On the OpenLDAP server I don't see any request.
Any suggestions?
Dubravko Penezic