Configuring saslauthd for ldap

Olivier Nicole on at cs.ait.ac.th
Thu Jul 23 02:08:13 EDT 2009


Hi,

Thanks for pointing out the typo.

> Your log indicates it's a TLS negotiation failure.

This may be misleading as I use SSL, not TLS.

> Does it work if you don't use TLS?

If I configure without SSL:

    ldap_servers: ldap://ldap.cs.ait.ac.th/

If I configure with SSL:

   ldap_servers: ldaps://ldap.cs.ait.ac.th/

> At a guess, one of the problems you may be having on the saslauthd side is 
> that it can't find the CA cert to validate the connection.

In saslauthd I have:

  ldap_tls_cacert_file: /usr/local/ssl/ca/ait-itserv.crt 

The file exists and is the CA used by all other services like
pam_ldap:

  tls_cacertfile /usr/local/ssl/ca/ait-itserv.crt


Thanks,

Olivier

