Hi,
Am Sonntag 10 März 2024 um 0:33:06 +0100, schrieb Manuel Kuklinski 1,2K:
> o Contacts.app doesn't seem to send the entered password, whereas
> Directory Utility.app is authenticating properly.
This problem persists - filed a bug report with apple.
> o iOS seems to try to authenticate via SASL/PLAIN, as far as I can
> observe via the debug log. Since the default behaviour seems to be to
> "authenticate users via simple binds", it fails. I can also provide a
> log, if necessary.
> If no: how can I achieve SASL/PLAIN authentication with ldapd(8)?
This is solved: it was due to TLS relayd involed. Without providing TLS
via relayd and the following two statements in /etc/ldapd.conf,
everything is working:
listen on 10.10.10.10 tls
listen on 10.10.10.10 ldaps
I still forward the ports with relayd to ldapd.
> The manpage is not exactly informative about this - or it's just me,
> since I'm tired and feeling dizzy from all this "LDAP'ing".
Excuse my failure to understand the manpage / the authentication process
properly.
Despite everything working, one last nuisance remains - iOS "hangs"
noticeably while searching for contacts:
- - - - - - - - - - %< - - - - - - - - - -
listening on 10.10.10.10:636
listening on 10.10.10.10:389
opening namespace dc=asdfghasdfgh,dc=de
ldape: entering event loop
accepted connection from 10.10.10.10 on fd 10
consumed 31 bytes
received request on fd 10
len 29 class: universal(0) type: sequence(16) encoding 16
len 1 class: universal(0) type: integer(2) encoding 2 value 1
len 24 class: application(1) type: extended(23) encoding 16
len 22 class: context(2) type: (0) encoding 4 string
"1.3.6.1.4.1.1466.20037"
got request type 23, id 1
got extended operation 1.3.6.1.4.1.1466.20037
sending response 24 with result 0
sending response on fd 10
len 36 class: universal(0) type: sequence(16) encoding 16
len 1 class: universal(0) type: integer(2) encoding 2 value 1
len 31 class: application(1) type: extended(24) encoding 16
len 1 class: universal(0) type: enumerated(10) encoding 10 value 0
len 0 class: universal(0) type: octet-string(4) encoding 4 string ""
len 0 class: universal(0) type: octet-string(4) encoding 4 string ""
len 22 class: universal(0) type: octet-string(4) encoding 4 string
"1.3.6.1.4.1.1466.20037"
conn_tls_init: switching to TLS
<hangs here for several seconds>
<works flawlessly afterwards>
- - - - - - - - - - %< - - - - - - - - - -
Any ideas, how to speed this up / change my config? ldapd(8) responds very
quickly on macOS via "Directory Utility.app".
Best wishes.
