[389-users] Re: Scripted letsencrypt certificate for 389-ds

Sun, 29 Mar 2020 17:16:25 -0700 


On 3/29/20 4:53 PM, William Brown wrote:



On 30 Mar 2020, at 06:29, Laurent GUERBY <laur...@guerby.net> wrote:

Hi,

I installed 389-ds 1.4.0.21-1 on a debian 10 system.

When I use cockpit in 389-ds tab I get "{'desc': 'Inappropriate
authentication', 'info': 'SASL EXTERNAL bind requires an SSL
connection'}" so I assume I must install a real certificate.

That's probably not the cause here. More likely this is because the user 
cockpit is running as doesn't have access to the LDAPI socket. LDAPI uses SASL 
EXTERNAL so that the uid/gid can be checked and then mapped to directory server 
users. Are there cockpit logs of what commands it's trying to execute that you 
can check?



The server must have LDAPI configured (I hope you used dscreate to 
create the instance and not setup-ds.pl), then you must log into cockpit 
using root or a user with sudo privileges.  Second, 1.4.0 is dead and 
has not been maintained in a very long time so the UI is probably very 
unstable in that version.  Please use 389-ds-base-1.4.1 or higher.


HTH,

Mark





Is there an official script I could use to configure and maintain a
letsencrypt certificate on a fresh 389-ds install?

The closest I could find (but not tried yet):

https://git.dotlan.net/dhoffend/kolab/blob/73519a40f7adbfdb86394cfb2a0b
9eab39ac9757/debian-kolab16.1/update-letsencrypt.sh

Thanks in advance,

Sincerely,

Laurent
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org

—
Sincerely,

William Brown

Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org


--

389 Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org






















					Reply via email to