Configuring saslauthd for ldap

Quanah Gibson-Mount quanah at
Thu Jul 23 01:52:36 EDT 2009

--On Thursday, July 23, 2009 12:46 PM +0700 Olivier Nicole 
<on at> wrote:

> Hi,
>> Your log indicates it's a TLS negotiation failure.
> This may be misleading as I use SSL, not TLS.
>> Does it work if you don't use TLS?
> If I configure without SSL:
>    ldap_servers: ldaps://
> If I configure with SSL:
>   ldap_servers: ldaps://

What you say above makes zero sense to me.  There are two types of LDAP 
bits that can do SSL encryption:

(a) startTLS (ldap v3 RFC standard)
(b) ldaps://, usually on port 636.  Not part of any standard, but a hack.

Now, what exactly do you mean by you configured without ssl but are using 
ldaps://?  That makes *no* sense.

At a guess, one of the problems you may be having on the saslauthd side is 
that it can't find the CA cert to validate the connection.
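
Added example, not part of the original message: a small checker for the LDAP section of a saslauthd.conf that flags the two issues raised in this reply, namely mixing ldaps:// with startTLS and connecting over TLS without a CA certificate to validate the server. The option names are the ones documented for saslauthd's LDAP mechanism; the host name, CA path and finding labels are constructed for illustration.

```python
def parse_conf(text):
    """Parse saslauthd.conf 'key: value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, sep, value = line.partition(":")  # split on the first colon only
            if sep:
                conf[key.strip().lower()] = value.strip()
    return conf

def is_yes(conf, key):
    # Spellings treated as true in this sketch; an unset option counts as "no".
    return conf.get(key, "no").lower() in {"yes", "true", "on", "1"}

def check_tls(conf):
    """Return a list of finding labels (constructed names) for the TLS setup."""
    uris = conf.get("ldap_servers", "").split()
    ldaps = [u for u in uris if u.lower().startswith("ldaps://")]
    plain = [u for u in uris if u.lower().startswith("ldap://")]
    start_tls = is_yes(conf, "ldap_start_tls")
    findings = []
    if ldaps and start_tls:
        # ldaps:// is already TLS from the first byte; startTLS on top cannot work.
        findings.append("both-mechanisms")
    if plain and not start_tls:
        findings.append("cleartext")
    if ldaps or start_tls:
        has_ca = bool(conf.get("ldap_tls_cacert_file") or conf.get("ldap_tls_cacert_dir"))
        if not is_yes(conf, "ldap_tls_check_peer"):
            findings.append("peer-not-verified")
        elif not has_ca:
            findings.append("no-ca-configured")
    return findings

# Constructed sample configurations (not taken from the thread).
SAMPLES = {
    "mixed": "ldap_servers: ldaps://ldap.example.com:636\nldap_start_tls: yes\n",
    "ldaps_no_ca": "ldap_servers: ldaps://ldap.example.com:636\nldap_tls_check_peer: yes\n",
    "starttls_ok": ("# startTLS on the plain port, server cert validated\n"
                    "ldap_servers: ldap://ldap.example.com\nldap_start_tls: yes\n"
                    "ldap_tls_check_peer: yes\n"
                    "ldap_tls_cacert_file: /etc/ssl/certs/ca.pem\n"),
    "cleartext": "ldap_servers: ldap://ldap.example.com\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, check_tls(parse_conf(text)))
```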



