> On 30 Mar 2020, at 10:15, Mark Reynolds <mreyno...@redhat.com> wrote:
>
>
> On 3/29/20 4:53 PM, William Brown wrote:
>>
>>> On 30 Mar 2020, at 06:29, Laurent GUERBY <laur...@guerby.net> wrote:
>>>
>>> Hi,
>>>
>>> I installed 389-ds 1.4.0.21-1 on a debian 10 system.
>>>
>>> When I use cockpit in 389-ds tab I get "{'desc': 'Inappropriate
>>> authentication', 'info': 'SASL EXTERNAL bind requires an SSL
>>> connection'}" so I assume I must install a real certificate.
>> That's probably not the cause here. More likely this is because the user
>> cockpit is running as doesn't have access to the LDAPI socket. LDAPI uses
>> SASL EXTERNAL so that the uid/gid can be checked and then mapped to
>> directory server users. Are there cockpit logs of what commands it's trying
>> to execute that you can check?
>
> The server must have LDAPI configured (I hope you used dscreate to create the
> instance and not setup-ds.pl),
That's very true, good spotting Mark. I wonder if debian ships with pl instead
of py .... :(
> then you must log into cockpit using root or a user with sudo privileges.
> Second, 1.4.0 is dead and has not been maintained in a very long time so the
> UI is probably very unstable in that version. Please use 389-ds-base-1.4.1
> or higher.
It could be a debian packaging quirk, sometimes they backport patches instead
... we'd need to check with that maintainer.
>
> HTH,
>
> Mark
>
>>
>>
>>> Is there an official script I could use to configure and maintain a
>>> letsencrypt certificate on a fresh 389-ds install?
>>>
>>> The closest I could find (but not tried yet):
>>>
>>> https://git.dotlan.net/dhoffend/kolab/blob/73519a40f7adbfdb86394cfb2a0b
>>> 9eab39ac9757/debian-kolab16.1/update-letsencrypt.sh
>>>
>>> Thanks in advance,
>>>
>>> Sincerely,
>>>
>>> Laurent
>>> _______________________________________________
>>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>>> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
>>> Fedora Code of Conduct:
>>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives:
>>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>> —
>> Sincerely,
>>
>> William Brown
>>
>> Senior Software Engineer, 389 Directory Server
>> SUSE Labs
>> _______________________________________________
>> 389-users mailing list -- 389-users@lists.fedoraproject.org
>> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
>
> --
>
> 389 Directory Server Development Team
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
