[RADIATOR] LDAP2 and SASL EXTERNAL authentication
Dubravko Penezic
dpenezic at srce.hr
Tue Oct 1 12:30:47 UTC 2019
Hi,
After some searching and trying, I finally found a working solution:
Host localhost
needs to be replaced with
Host ldapi:///
Port
Dubravko Penezic
On 10/1/19 10:22 AM, Dubravko Penezic wrote:
> Hi,
>
> I am trying to use the SASL EXTERNAL mechanism to connect to an OpenLDAP server
> (authentication is done by UID/GID; on the command line it looks like the following:
> <ldapcommand> -Y EXTERNAL -h ldapi:/// )
>
> My auth handler looks like the following:
>
> <Handler>
> Identifier H-authus
>
> RewriteUsername s/^([^@]+).*/$1/
>
> <AuthBy LDAP2>
>
> Host localhost
>
> UseSASL
>
> SASLMechanism EXTERNAL
>
> BaseDN %0=%1,dc=pero,dc=hr
>
> Scope base
>
> UsernameAttr uid
>
> ServerChecksPassword
> UnbindAfterServerChecksPassword
>
> AuthenProto PAP
> </AuthBy>
>
> AuthLog authlogfile
>
> </Handler>
>
> The RADIATOR log shows the following:
> 3755cda0 Tue Oct 1 10:11:49 2019 116427: DEBUG: Handling request with
> Handler '', Identifier 'H-authus'
> 3755cda0 Tue Oct 1 10:11:49 2019 116576: DEBUG: Rewrote user name to
> dpenezic
> 3755cda0 Tue Oct 1 10:11:49 2019 116688: DEBUG: SessINTERNAL: Deleting
> session for dpenezic at pero.hr, 161.53.254.10, 12
> 3755cda0 Tue Oct 1 10:11:49 2019 116746: DEBUG: Handling with
> Radius::AuthLDAP2:
> 00000000 Tue Oct 1 10:11:49 2019 116869: INFO: Connecting to localhost:389
> 00000000 Tue Oct 1 10:11:49 2019 117474: INFO: Connected to localhost:389
> 00000000 Tue Oct 1 10:11:49 2019 117626: INFO: Attempting to bind to
> LDAP server localhost:389
> 00000000 Tue Oct 1 10:11:49 2019 118623: ERR: Could not bind connection
> with , **obscured**, error: LDAP_STRONG_AUTH_NOT_SUPPORTED (server
> localhost:389). SASL error:
> 00000000 Tue Oct 1 10:11:49 2019 118728: ERR: Backing off from
> localhost:389 for 600 seconds.
> 3755cda0 Tue Oct 1 10:11:49 2019 118895: DEBUG: AuthBy LDAP2 result:
> IGNORE, User database access error
> 3755cda0 Tue Oct 1 10:11:49 2019 118956: DEBUG: Access ignored for
> dpenezic: User database access error
>
> On the OpenLDAP server I don't see any request.
>
> Any suggestions?
>
> Dubravko Penezic
> _______________________________________________
> radiator mailing list
> radiator at lists.open.com.au
> https://lists.open.com.au/mailman/listinfo/radiator
>
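As an added check, not part of the original thread and not Radiator's own code: the following Python script parses an AuthBy LDAP2 block in the form quoted above and flags SASLMechanism EXTERNAL combined with a TCP Host such as localhost, which is the misconfiguration behind the LDAP_STRONG_AUTH_NOT_SUPPORTED bind error. EXTERNAL relies on identity the transport already established (the peer UID/GID on a Unix-domain ldapi socket, or a client certificate on TLS); over plain TCP there is nothing to bind with. The parser, the finding strings and the two sample blocks are my own constructions; only the parameter names come from the post.

```python
import re
from typing import Dict, List

# Constructed sample: the AuthBy LDAP2 block from the original post (Host
# localhost, the misconfiguration) and the same block with the poster's fix.
BROKEN_AUTHBY = """<AuthBy LDAP2>
Host localhost
UseSASL
SASLMechanism EXTERNAL
BaseDN %0=%1,dc=pero,dc=hr
Scope base
UsernameAttr uid
ServerChecksPassword
UnbindAfterServerChecksPassword
AuthenProto PAP
</AuthBy>"""

FIXED_AUTHBY = BROKEN_AUTHBY.replace("Host localhost", "Host ldapi:///")


def parse_authby(block: str) -> Dict[str, List[str]]:
    """Parse a Radiator-style <AuthBy ...> block into {keyword: [values]}.

    Keywords are compared case-insensitively. Flag keywords with no value
    (e.g. UseSASL) are stored with an empty string so their presence is
    detectable. Hypothetical helper written for this check, not Radiator's
    own configuration parser.
    """
    params: Dict[str, List[str]] = {}
    for raw in block.splitlines():
        line = raw.strip()
        # Skip blank lines, comments and the <AuthBy ...> / </AuthBy> tags.
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        key, _, value = line.partition(" ")
        params.setdefault(key.lower(), []).append(value.strip())
    return params


def check_sasl_external(params: Dict[str, List[str]]) -> List[str]:
    """Return findings for SASL EXTERNAL over a transport with no peer identity."""
    findings: List[str] = []
    mechs = [m.upper() for m in params.get("saslmechanism", [])]
    if "EXTERNAL" not in mechs:
        return findings  # nothing to check; other mechanisms carry credentials
    if "usesasl" not in params:
        findings.append("SASLMechanism EXTERNAL is set but UseSASL is missing")
    for host in params.get("host", []):
        # ldapi:// is a Unix-domain socket: the server sees the client's
        # UID/GID, so EXTERNAL has an identity to map. Anything else is a
        # TCP host name or URI; without a TLS client certificate the bind
        # fails with LDAP_STRONG_AUTH_NOT_SUPPORTED, as in the quoted log.
        if re.match(r"ldapi:", host, re.IGNORECASE):
            continue
        findings.append(
            f"Host {host}: SASL EXTERNAL over TCP gives the server no peer "
            f"identity to bind with; use Host ldapi:/// (or TLS with a client "
            f"certificate)"
        )
    return findings


def audit(block: str) -> List[str]:
    """Convenience wrapper: parse and check in one call."""
    return check_sasl_external(parse_authby(block))


if __name__ == "__main__":
    for name, block in (("broken", BROKEN_AUTHBY), ("fixed", FIXED_AUTHBY)):
        result = audit(block)
        print(f"{name}: {'OK' if not result else result}")
```

The check is deliberately narrow: it only reasons about the EXTERNAL mechanism and the Host parameter, and treats any ldapi: URI as acceptable because the socket itself supplies the identity. It does not judge whether the OpenLDAP side maps that UID/GID to a DN with the rights the Handler needs.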