Monday, March 30, 2020

[389-users] Re: Scripted letsencrypt certificate for 389-ds

On Mon, 2020-03-30 at 06:53 +1000, William Brown wrote:
> > On 30 Mar 2020, at 06:29, Laurent GUERBY <>
> > wrote:
> >
> > Hi,
> >
> > I installed 389-ds on a debian 10 system. 
> >
> > When I use cockpit in 389-ds tab I get "{'desc': 'Inappropriate 
> > authentication', 'info': 'SASL EXTERNAL bind requires an SSL 
> > connection'}" so I assume I must install a real certificate.
> That's probably not the cause here. More likely this is because the
> user cockpit is running as doesn't have access to the LDAPI socket.
> LDAPI uses SASL EXTERNAL so that the uid/gid can be checked and then
> mapped to directory server users. Are there cockpit logs of what
> commands it's trying to execute that you can check?

Before I enabled LDAPI I had the following message in the web 389-ds 
component :

{'desc': "Can't contact LDAP server", 'errno': 2, 'info': 'No such file
or directory'}

After I enabled LDAPI I got :

{'desc': 'Inappropriate authentication', 'info': 'SASL EXTERNAL bind
requires an SSL connection'}

As for cockpit logs I went through lots of pages on https://cockpit-pro but could not find how to enable more verbose logs.

In the cockpit logs tab I just have generic information about
cockpit starting.

Thanks for your help,


389-users mailing list --
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:

No comments:

Post a Comment