Authenticated bind example:

$ ldapsearch -H ldaps://idmtest1-ec2-va.apache.org:636 -W -b "dc=apache,dc=org" -L -D "uid=cml,ou=people,dc=apache,dc=org" uid=cml
Enter LDAP Password:
version: 1

#
# LDAPv3
# base <dc=apache,dc=org> with scope subtree
# filter: uid=cml
# requesting: ALL
#

# cml, people, apache.org
dn: uid=cml,ou=people,dc=apache,dc=org
[snip]

Any tooling relying on UN-authenticated bind will need to switch to using a role account. We're starting a process of locating and adjusting any of these use cases.

There are also a number of cases where tools like 'ldapsearch' will use the nss_ldap bind account which is defined in /etc/ldap/ldap.conf, so sometimes it appears the tools work without passwords, but they are actually using the ldap.conf credentials.

-Chris

> On Oct 6, 2021, at 7:40 PM, Matt Sicker <boa...@gmail.com> wrote:
>
> What authentication methods are supported now? I remember being unable to
> find an incantation of ldapsearch that could authenticate.
>
> Matt Sicker
>
>> On Oct 6, 2021, at 18:40, Chris Lambertus <c...@apache.org> wrote:
>>
>> Hi folks, just to let you know, my primary testing and implementation of
>> replication between idmtest1-ec2-va and idmtest2-ec2-va is complete. The
>> next stage in testing may be more disruptive -- the slapd.conf ACLs have
>> been changed to prevent unauthenticated access to the LDAP directory.
>>
>> If your project has the capability to test, I would be interested to know if
>> Whimsy still functions properly with these security and privacy enhancements
>> in place. There will be a more broad discussion on this topic brought to
>> Infra lists once initial validation is complete.
>>
>> Cheers,
>> Chris
>>
>>> On Sep 29, 2021, at 11:15 AM, Chris Lambertus <c...@apache.org> wrote:
>>>
>>> FYI,
>>>
>>> In https://issues.apache.org/jira/browse/INFRA-22091 a test ldap instance
>>> was provided to the Whimsy project. This is a notification that Infra will
>>> be performing work on that host over the next few days. The system may be
>>> down and data may be unavailable during various operations. I will reply
>>> here when work is completed. You may continue using the service, but you
>>> may get timeouts or null results.
>>>
>>> -Chris
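
The ldap.conf caveat in the message above can be checked per host before the ACL change. The script below is an added example, not part of the thread or Infra's tooling: it reports whether a config file supplies bind credentials implicitly. The key names (nss_ldap-style `binddn`, `rootbinddn`, `bindpw`, and OpenLDAP's `BINDDN`), the function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Infra's tooling. Key names are assumptions: nss_ldap-style
# binddn / rootbinddn / bindpw, plus OpenLDAP's BINDDN (matched case-insensitively).

# Print one finding per line; return 0 if the file supplies bind credentials,
# 1 if it does not, 2 if it cannot be read. The password is never printed.
implicit_bind_creds() {
    _file=$1
    _found=1
    [ -r "$_file" ] || { echo "unreadable: $_file" >&2; return 2; }
    while read -r _key _value || [ -n "$_key" ]; do
        case $(printf '%s' "$_key" | tr '[:upper:]' '[:lower:]') in
            binddn|rootbinddn)
                echo "bind-dn: $_value"
                _found=0 ;;
            bindpw)
                echo "bind-password: present"
                _found=0
                # A bind password readable by every local user is its own finding.
                if [ -n "$(find "$_file" -perm -004 2>/dev/null)" ]; then
                    echo "warning: bind password in world-readable file"
                fi ;;
        esac
    done < "$_file"
    return "$_found"
}

# Constructed sample config (hypothetical host, DN and secret).
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real configuration
uri ldaps://ldap.example.org:636
base dc=example,dc=org
binddn uid=role-example,ou=roles,dc=example,dc=org
bindpw constructed-secret
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
chmod 644 "$conf"
implicit_bind_creds "$conf"
rm -f "$conf"
```

A return status of 0 on a host means tools that appear to work "without a password" there may in fact be binding with the configured account.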