Comments (1)

Firstyear commented on July 26, 2024

Looking at the code, it looks like this always expects ldaps to the server, so the ldap.conf setting here that actually matters is "tls_reqcert allow": from the ldap.conf page:

              allow  The server certificate is requested. If no certificate is provided, the session proceeds normally. If a bad certificate is provided, it will be ignored and the session proceeds normally.

This is actually because ldapclient is extremely bad at communicating what went wrong. Almost every failure looks like a bind failure, including a certificate verification error. Like, seriously, look at this:

# ldapwhoami -H ldaps://nonexist.ldap.com
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
# ldapwhoami -H ldaps://ad.blackhats.net.au    <-- this is a real server
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
#  ldapwhoami -H ldaps://ad.blackhats.net.au:389  <<-- wrong port
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

I'm not even sure where to start on this - the entire ecosystem of LDAP has spent years neglecting communication of clear actionable errors to clients and users, and I think this kind of thing goes so deep that it's not possible for us to resolve. This will be the ruby LDAPClient library that is reporting the status from the openldap client library here. I do not believe this is possible to fix ....

from yast-auth-server.
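
One way to recover the detail hidden behind the single "Can't contact LDAP server (-1)" message, as an added example that is not part of the original comment or of yast-auth-server: a Ruby probe that checks name resolution, TCP connect and a fully verified TLS handshake separately and reports which stage failed. The name `probe_ldaps`, its stage symbols and the optional `ca_file` argument are assumptions made for illustration.

```ruby
require "socket"
require "openssl"
require "timeout"

# Probe an ldaps:// endpoint one layer at a time and name the layer that failed.
# Returns [stage, detail]; stage is :dns, :tcp, :tls, :cert or :ok.
# probe_ldaps and its stage names are hypothetical, not part of any LDAP library.
def probe_ldaps(host, port = 636, ca_file: nil, timeout: 5)
  # Stage 1: name resolution (the "nonexistent host" case).
  begin
    Addrinfo.getaddrinfo(host, port, nil, :STREAM)
  rescue SocketError => e
    return [:dns, e.message]
  end

  # Stage 2: TCP connect (service down, filtered, or unreachable).
  begin
    sock = Socket.tcp(host, port, connect_timeout: timeout)
  rescue SystemCallError, SocketError, IOError => e
    return [:tcp, e.message]
  end

  # Stage 3: TLS handshake with chain and hostname verification enforced,
  # i.e. the strict behaviour that "tls_reqcert allow" relaxes.
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER, ca_file: ca_file)
  ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
  ssl.hostname = host
  ssl.sync_close = true
  begin
    Timeout.timeout(timeout) { ssl.connect }
  rescue OpenSSL::SSL::SSLError, SystemCallError, EOFError, Timeout::Error => e
    # A non-OK verify result means the certificate was rejected; otherwise the
    # peer never completed a TLS handshake (e.g. plain LDAP on that port).
    code = ssl.verify_result
    sock.close
    return [:tls, e.message] if code == OpenSSL::X509::V_OK
    return [:cert, "#{e.message} (X509 verify code #{code})"]
  end

  subject = ssl.peer_cert.subject.to_s
  ssl.close
  [:ok, "verified #{subject}"]
end
```

A `:cert` result is the case that `tls_reqcert allow` would silently accept, so it is the one worth surfacing to the administrator rather than folding into a generic connection error.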
