<p>
Hi all,<br />
I'm trying to get SASL working with OpenLDAP + TLS. I got it working without TLS with these settings:<br />
<br />
slapd.conf:<br />
----------<br />
TLSCipherSuite HIGH:MEDIUM:+SSLv3<br />
TLSCACertificateFile /var/myCA/cacert.crt<br />
TLSCertificateFile /var/myCA/server_crt.pem<br />
TLSCertificateKeyFile /var/myCA/server_key.pem<br />
<br />
# Use the following if client authentication is required<br />
#TLSVerifyClient demand<br />
# ... or not desired at all<br />
TLSVerifyClient never<br />
<br />
saslauthd.conf:<br />
ldap_servers: ldaps://localhost<br />
ldap_bind_dn: cn=admin,dc=abc,dc=com<br />
ldap_bind_pw: 123456789<br />
ldap_search_base: dc=abc,dc=com<br />
<br />
This works great with testsaslauthd:<br />
root@ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 1234560: OK "Success."<br />
<br />
However, when I add these lines to saslauthd.conf, it fails:<br />
ldap_start_tls: yes<br />
ldap_tls_cacert_dir: /var/myCA<br />
ldap_tls_cacert_file: /var/myCA/cacert.crt<br />
ldap_tls_cert: /var/myCA/server_crt.pem<br />
ldap_tls_key: /var/myCA/server_key.pem<br />
<br />
root@ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456<br />
0: NO "authentication failed"<br />
<br />
When i checked /var/log/auth.log, i got a messages:<br />
May 24 16:27:49 ldap saslauthd[870]: detach_tty : master pid is: 870<br />
May 24 16:27:49 ldap saslauthd[870]: ipc_init : listening on socket: /var/run/mux<br />
May 24 16:28:13 ldap saslauthd[870]: start tls failed (Can't contact LDAP server).<br />
May 24 16:28:13 ldap saslauthd[870]: Authentication failed for khanhnq: Cannot connect to ldap server (configuration error) $<br />
May 24 16:28:13 ldap saslauthd[870]: do_auth : auth failure: [user=khanhnq] [service=imap] [realm=] [mech=ldap] [reason=Unknown]<br />
<br />
What i'm doing wrong? Please help...<br />
<br />
Best Regards,</p>
<pre>--
***********************************
EVERYTHING HAS JUST BEGUN...</pre>