SASL and OpenLDAP with SSL - PROBLEM SOLVED !!!!

Mihai Barbos mihai.barbos at eurospider.com
Thu Jul 5 11:37:03 EDT 2007


> Mihai Barbos <mihai.barbos at eurospider.com> writes:
> > Hi
> >
> > Can someone please help me with the following (annoying) problem:
> > I've got a saslauthd connecting to ldap on CentOS 5.0. With tls
> > disabled everything seems to work OK. With tls enabled, the connection
> > to LDAP is established OK but the authentication fails. LDAP
> > (openldap) reports TLS established and then UNBIND.
> >
> > Does it ring any bell to anyone ? Any idea is welcome. Of course I can
> > post any configuration that might be of interest.

> Did you create the values of attribute type userpasswd with a hashing
> scheme like CRYPT or SSHA?

> -Dieter

Thanks guys for your comments.


The problem though was a LOT more trivial. The SSL certificate 
verification of the ^&%^* saslauthd is simply wrong. It looks like it 
compares the ldap server STRING FROM THE CONFIGURATION FILE WITH THE DN 
FROM THE CERTIFICATE.

So, if you have:
ldap_servers: ldap://gogoserver
in saslauthd.conf (or however you name it) and the certificate has been 
issued to gogoserver.gogoland.net (as it is normal) the verification 
fails and saslauthd bails out. Not to mention that the same happens if 
you use the IP or a CNAME.

Mihai
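To make the mismatch concrete, here is an added illustration (not saslauthd's or OpenLDAP's code) of the usual RFC 6125-style hostname check a TLS client applies: the host taken literally from the configured `ldap_servers` URI is compared against the names in the server certificate, with no DNS resolution of CNAMEs or IPs, which is why `ldap://gogoserver` fails against a certificate issued to `gogoserver.gogoland.net`. The certificate names and URIs below are constructed from the values in the post; the function names are this example's own.

```python
from urllib.parse import urlsplit

def host_from_ldap_uri(uri: str) -> str:
    """Return the host part of an ldap:// or ldaps:// URI, lower-cased.

    'ldap://gogoserver' -> 'gogoserver'; a bare hostname is accepted too.
    """
    if "://" not in uri:
        uri = "ldap://" + uri
    host = urlsplit(uri).hostname
    if not host:
        raise ValueError(f"no host in LDAP URI: {uri!r}")
    return host.lower()

def name_matches(configured: str, cert_name: str) -> bool:
    """Compare the configured host against one certificate name (CN or DNS SAN).

    Exact match, or a single leftmost wildcard label ('*.gogoland.net').
    No lookups happen: a CNAME or an IP address in the config is compared
    literally, so it only passes if the certificate carries that exact string.
    """
    cert_name = cert_name.lower()
    if cert_name == configured:
        return True
    if cert_name.startswith("*.") and "." in configured:
        # wildcard covers exactly one label; 'gogoland.net' itself does not match
        return configured.split(".", 1)[1] == cert_name[2:]
    return False

def verify_ldap_server(uri: str, cert_names: list[str]) -> tuple[bool, str]:
    """Check one ldap_servers entry against the names a certificate carries.

    Returns (ok, reason) so the reason can be logged when the check fails.
    """
    host = host_from_ldap_uri(uri)
    for name in cert_names:
        if name_matches(host, name):
            return True, f"{host!r} matches certificate name {name!r}"
    return False, (f"{host!r} matches none of {cert_names}; put the certificate's "
                   "FQDN in ldap_servers or reissue the certificate for that name")

if __name__ == "__main__":
    cert = ["gogoserver.gogoland.net"]  # constructed: CN of the server certificate in the post
    for uri in ("ldap://gogoserver", "ldap://gogoserver.gogoland.net", "ldap://192.0.2.10"):
        print(uri, "->", verify_ldap_server(uri, cert))
```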


