Saslauthd with ldaps
Paul van der Vlis
paul at vandervlis.nl
Fri Jun 3 08:35:52 EDT 2005
Igor Brezac schreef:
> On Wed, 1 Jun 2005, Paul van der Vlis wrote:
>> I want to authentifate to a Novell NDS from saslauthd on a Debian Sarge
>> This works fine:
>> ldapsearch -x -b "cn=paulvdv,o=wlg" -D "cn=paulvdv,o=wlg"
>> -w secret -H ldaps://firewall.domain.nl:636
>> This is my saslauthd.conf:
>> ldap_servers: ldaps://firewall.domain.nl:636/
>> ldap_tls_cert: /home/paul/.cert/cacert.pem
>> ldap_tls_key: /home/paul/.cert/privkey.pem
> It appears you are specifying ca cert as the client cert. Is this what
> you want?
No, I want to authentificate over an encrypted connection, that's all.
> Your configuration does not require client cert so you should
> remove those params. Perhaps you wanted to specify
We have it working now with something like:
The rootcert.pem is the root-certificate of the Novell server.
A problem is: there are 2 Novell servers what are together the
e-directory, can we use 2 root-certificates?
>> ldap_search_base: cn=paulvdv,o=wlg
>> ldap_filter: cn=%u,o=wlg
> Have you tried this filter in the ldapsearch above? This does not look
We've removed the ldap_search_base and added the fastbind, this looks right.
Thanks for your help. If you think it could be better, please tell...
Paul van der Vlis.
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus