SASL and OpenLDAP with SSL - PROBLEM SOLVED !!!!
Mihai Barbos
mihai.barbos at eurospider.com
Thu Jul 5 11:37:03 EDT 2007
> Mihai Barbos <mihai.barbos at eurospider.com> writes:
> > Hi
> >
> > Can someone please help me with the following (annoying) problem:
> > I've got a saslauthd connecting to ldap on CentOS 5.0. With tls
> > disabled everything seems to work OK. With tls enabled, the connection
> > to LDAP is established OK but the authentication fails. LDAP
> > (openldap) reports TLS established and then UNBIND.
> >
> > Does it ring any bell to anyone ? Any idea is welcome. Of course I can
> > post any configuration that might be of interest.
> Did you create the values of attribute type userpasswd with a hashing
> scheme like CRYPT or SSHA?
> -Dieter
Thanx guys for your comments.
The problem though was a LOT more trivial. The SSL certificate
verification of the ^&%^* saslauthd is simply wrong. It looks like it
compares the ldap server STRING FROM THE CONFIGURATION FILE WITH THE DN
FROM THE CERTIFICATE.
So, if you have:
ldap_servers: ldap://gogoserver
in saslauthd.conf (or however you name it) and the certificate has been
issued to gogoserver.gogoland.net (as it is normal) the verification
fails and saslauthd bails out. Not to mention that the same happens if
you use the IP or a CNAME.
Mihai
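As an added example (not from the original thread or from cyrus-sasl), the following Python model of the literal host-name check Mihai describes shows why `ldap://gogoserver`, an IP or a CNAME fails against a certificate issued to `gogoserver.gogoland.net`, while the FQDN from the certificate passes; the certificate names are constructed for the demonstration.

```python
"""Model of a TLS client's host-name check against an LDAP server certificate.

The host written in the ldap_servers URI is compared literally (RFC 6125
style) against the names in the certificate; it is never resolved, so a
short name or CNAME does not match a certificate issued to the FQDN.
"""
import ipaddress
from typing import Sequence
from urllib.parse import urlsplit


def _match_dns_name(host: str, pattern: str) -> bool:
    """Case-insensitive comparison; a wildcard is allowed only as the whole leftmost label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if "*" not in pattern:
        return host == pattern
    p_labels, h_labels = pattern.split("."), host.split(".")
    # Reject '*.tld', partial-label wildcards and label-count mismatches.
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def ldap_uri_matches_cert(uri: str, dns_names: Sequence[str],
                          ip_names: Sequence[str] = ()) -> bool:
    """True if the host of an ldap:// or ldaps:// URI matches a certificate name.

    dns_names: dNSName SAN entries (or the subject CN) of the certificate.
    ip_names:  iPAddress SAN entries; a configured IP literal matches only these,
               never a dNSName, even if it resolves to the same server.
    """
    host = urlsplit(uri).hostname
    if not host:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return any(_match_dns_name(host, n) for n in dns_names)
    return any(ip == ipaddress.ip_address(n) for n in ip_names)


if __name__ == "__main__":
    # Constructed certificate names: issued to the FQDN, as in the post.
    cert_dns = ["gogoserver.gogoland.net"]
    for uri in ("ldap://gogoserver", "ldap://gogoserver.gogoland.net", "ldap://10.0.0.5"):
        print(uri, "->", ldap_uri_matches_cert(uri, cert_dns))
```

The fix on the client side is therefore to write the same name that appears in the certificate into `ldap_servers`, or to issue the certificate with a SAN for every name or IP the clients are configured with.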