> On 30 Mar 2020, at 10:15, Mark Reynolds <mreynolds@xxxxxxxxxx> wrote:
>
>
> On 3/29/20 4:53 PM, William Brown wrote:
>>
>>> On 30 Mar 2020, at 06:29, Laurent GUERBY <laurent@xxxxxxxxxx> wrote:
>>>
>>> Hi,
>>>
>>> I installed 389-ds 1.4.0.21-1 on a debian 10 system.
>>>
>>> When I use cockpit in 389-ds tab I get "{'desc': 'Inappropriate
>>> authentication', 'info': 'SASL EXTERNAL bind requires an SSL
>>> connection'}" so I assume I must install a real certificate.
>> That's probably not the cause here. More likely this is because the user cockpit is running as doesn't have access to the LDAPI socket. LDAPI uses SASL EXTERNAL so that the uid/gid can be checked and then mapped to directory server users. Are there cockpit logs of what commands it's trying to execute that you can check?
>
> The server must have LDAPI configured (I hope you used dscreate to create the instance and not setup-ds.pl),
That's very true, good spotting Mark. I wonder if debian ships with pl instead of py .... :(
> then you must log into cockpit using root or a user with sudo privileges. Second, 1.4.0 is dead and has not been maintained in a very long time so the UI is probably very unstable in that version. Please use 389-ds-base-1.4.1 or higher.
It could be a debian packaging quirk, sometimes they backport patches instead ... we'd need to check with that maintainer.
>
> HTH,
>
> Mark
>
>>
>>
>>> Is there an official script I could use to configure and maintain a
>>> letsencrypt certificate on a fresh 389-ds install?
>>>
>>> The closest I could find (but not tried yet):
>>>
>>> https://git.dotlan.net/dhoffend/kolab/blob/73519a40f7adbfdb86394cfb2a0b
>>> 9eab39ac9757/debian-kolab16.1/update-letsencrypt.sh
>>>
>>> Thanks in advance,
>>>
>>> Sincerely,
>>>
>>> Laurent
>>> _______________________________________________
>>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>>> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
>>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> —
>> Sincerely,
>>
>> William Brown
>>
>> Senior Software Engineer, 389 Directory Server
>> SUSE Labs
>> _______________________________________________
>> 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
>> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
>
> --
>
> 389 Directory Server Development Team
—
Sincerely,
William Brown
Senior Software Engineer, 389 Directory Server
SUSE Labs
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
