Configuring saslauthd for ldap
Quanah Gibson-Mount
quanah at zimbra.com
Thu Jul 23 01:52:36 EDT 2009
--On Thursday, July 23, 2009 12:46 PM +0700 Olivier Nicole
<on at cs.ait.ac.th> wrote:
> Hi,
>
>> Your log indicates it's a TLS negotiation failure.
>
> This may be misleading as I use SSL, not TLS.
>
>> Does it work if you don't use TLS?
>
> If I configure without SSL:
>
> ldap_servers: ldaps://ldap.cs.ait.ac.th/
>
> If I configure with SSL:
>
> ldap_servers: ldaps://ldap.cs.ait.ac.th/

What you say above makes zero sense to me. There are two types of LDAP
bits that can do SSL encryption:

(a) startTLS (ldap v3 RFC standard)
(b) ldaps://, usually on port 636. Not part of any standard, but a hack.

Now, what exactly do you mean by you configured without ssl but are using
ldaps://? That makes *no* sense.

At a guess, one of the problems you may be having on the saslauthd side is
that it can't find the CA cert to validate the connection.

--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
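
The two points made in the reply above (StartTLS and ldaps:// are alternative transports, and saslauthd needs a CA certificate to validate the server) can be checked mechanically. The following is an added example, not part of the original thread or of Cyrus SASL: it uses the saslauthd LDAP options ldap_start_tls, ldap_tls_cacert_file and ldap_tls_cacert_dir, while the function names and the accepted on/off spellings are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): lint a saslauthd LDAP config file.

# conf_get FILE KEY: value of the last "KEY: value" line; '#' comment lines never match.
conf_get() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | tail -n 1
}

# is_on VALUE: true for yes/on/true/1 (assumed spellings of an enabled switch).
is_on() {
    case $1 in yes|on|true|1) return 0 ;; *) return 1 ;; esac
}

# check_saslauthd_ldap FILE: print findings; return 0 when clean, 1 otherwise.
check_saslauthd_ldap() {
    conf=$1 rc=0 tls=no
    servers=$(conf_get "$conf" ldap_servers)
    starttls=$(conf_get "$conf" ldap_start_tls)
    cafile=$(conf_get "$conf" ldap_tls_cacert_file)
    cadir=$(conf_get "$conf" ldap_tls_cacert_dir)
    case $servers in
        *ldaps://*)   # TLS wraps the whole connection; StartTLS must stay off
            tls=yes
            if is_on "$starttls"; then
                echo "ERROR: ldap_start_tls is on but ldap_servers uses ldaps://; pick one"; rc=1
            fi ;;
        *ldap://*)    # plain LDAP; only StartTLS upgrades it to an encrypted session
            if is_on "$starttls"; then tls=yes
            else echo "ERROR: ldap:// without ldap_start_tls is an unencrypted connection"; rc=1
            fi ;;
        *) echo "ERROR: no ldap:// or ldaps:// URI in ldap_servers"; rc=1 ;;
    esac
    if [ "$tls" = yes ]; then
        if [ -z "$cafile$cadir" ]; then
            echo "WARN: no ldap_tls_cacert_file or ldap_tls_cacert_dir; validation depends on libldap defaults"; rc=1
        elif [ -n "$cafile" ] && [ ! -r "$cafile" ]; then
            echo "ERROR: CA file $cafile is not readable"; rc=1
        fi
    fi
    return $rc
}

# Constructed sample: the ldaps:// line quoted in the thread, with no CA configured.
sample=$(mktemp)
printf '%s\n' 'ldap_servers: ldaps://ldap.cs.ait.ac.th/' > "$sample"
check_saslauthd_ldap "$sample" || true
rm -f "$sample"
```

Run the check as the user saslauthd runs as, since the readability test on the CA file depends on that account's permissions.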