Fail to test uid of OpenLDAP with TLS...
Nguyen, Quoc Khanh
khanhnq at saigontech.edu.vn
Tue May 24 09:50:18 EDT 2011
Hi all,

I'm trying to get SASL working with OpenLDAP + TLS. I got it working without TLS with these settings:

slapd.conf:
----------
TLSCipherSuite HIGH:MEDIUM:+SSLv3
TLSCACertificateFile /var/myCA/cacert.crt
TLSCertificateFile /var/myCA/server_crt.pem
TLSCertificateKeyFile /var/myCA/server_key.pem
# Use the following if client authentication is required
#TLSVerifyClient demand
# ... or not desired at all
TLSVerifyClient never

saslauthd.conf:
----------
ldap_servers: ldaps://localhost
ldap_bind_dn: cn=admin,dc=abc,dc=com
ldap_bind_pw: 123456789
ldap_search_base: dc=abc,dc=com

This works great with testsaslauthd:

root at ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456
0: OK "Success."

However, when I add these lines to saslauthd.conf, it fails:

ldap_start_tls: yes
ldap_tls_cacert_dir: /var/myCA
ldap_tls_cacert_file: /var/myCA/cacert.crt
ldap_tls_cert: /var/myCA/server_crt.pem
ldap_tls_key: /var/myCA/server_key.pem

root at ldap:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456
0: NO "authentication failed"

When I checked /var/log/auth.log, I got these messages:

May 24 16:27:49 ldap saslauthd[870]: detach_tty : master pid is: 870
May 24 16:27:49 ldap saslauthd[870]: ipc_init : listening on socket: /var/run/mux
May 24 16:28:13 ldap saslauthd[870]: start tls failed (Can't contact LDAP server).
May 24 16:28:13 ldap saslauthd[870]: Authentication failed for khanhnq: Cannot connect to ldap server (configuration error) $
May 24 16:28:13 ldap saslauthd[870]: do_auth : auth failure: [user=khanhnq] [service=imap] [realm=] [mech=ldap] [reason=Unknown]

What am I doing wrong? Please help...

Best Regards,
--
***********************************
EVERYTHING HAS JUST BEGUN...
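The following is an added example, not part of the original post or of the Cyrus SASL project. It lints a saslauthd.conf fragment for the LDAP/TLS settings the post combines. The one fact it encodes: StartTLS is an upgrade negotiated on a plaintext ldap:// connection (port 389), while an ldaps:// URI (port 636) is already wrapped in TLS before any LDAP operation, so `ldap_start_tls: yes` has nothing to upgrade on an ldaps:// server. The sample configuration is constructed from the values in the post; the lint rule names and the `check_files` flag are this example's own.

```python
"""Lint saslauthd.conf LDAP/TLS settings (added example, not Cyrus SASL code)."""
import os
from urllib.parse import urlsplit

# Keys whose values must name readable files on the saslauthd host.
TLS_FILE_KEYS = ("ldap_tls_cacert_file", "ldap_tls_cert", "ldap_tls_key")

# Constructed sample, assembled from the settings quoted in the post.
SAMPLE_CONF = """\
ldap_servers: ldaps://localhost
ldap_bind_dn: cn=admin,dc=abc,dc=com
ldap_bind_pw: 123456789
ldap_search_base: dc=abc,dc=com
ldap_start_tls: yes
ldap_tls_cacert_dir: /var/myCA
ldap_tls_cacert_file: /var/myCA/cacert.crt
ldap_tls_cert: /var/myCA/server_crt.pem
ldap_tls_key: /var/myCA/server_key.pem
"""


def parse_saslauthd_conf(text):
    """Parse 'key: value' lines into a dict.

    Lines whose first non-blank character is '#' are comments. The value is
    split off at the first ':' only, so URIs such as ldaps://host survive.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip()] = value.strip()
    return conf


def is_truthy(value):
    """saslauthd accepts yes/no style booleans; treat the usual spellings as true."""
    return value.strip().lower() in ("yes", "true", "on", "1")


def lint_ldap_tls(conf, check_files=True):
    """Return a list of human-readable findings; an empty list means no issue found.

    check_files=False skips the filesystem checks so the logic can be exercised
    on a host that does not have the certificate files (hypothetical flag).
    """
    findings = []
    start_tls = is_truthy(conf.get("ldap_start_tls", "no"))
    # ldap_servers is a space-separated list of URIs.
    for uri in conf.get("ldap_servers", "").split():
        scheme = urlsplit(uri).scheme.lower()
        if start_tls and scheme == "ldaps":
            findings.append(
                f"{uri}: ldap_start_tls is yes but the URI is already TLS (ldaps://); "
                "StartTLS is negotiated on ldap://, not ldaps://"
            )
        elif not start_tls and scheme == "ldap":
            findings.append(
                f"{uri}: plaintext ldap:// with ldap_start_tls unset; "
                "the bind password would cross the network unencrypted"
            )
    if check_files:
        for key in TLS_FILE_KEYS:
            path = conf.get(key)
            if path and not os.path.isfile(path):
                findings.append(f"{key}: {path} is not a readable file")
    return findings


def lint_sample(check_files=False):
    """Run the linter over the constructed sample configuration."""
    return lint_ldap_tls(parse_saslauthd_conf(SAMPLE_CONF), check_files=check_files)


if __name__ == "__main__":
    for finding in lint_sample(check_files=True) or ["no findings"]:
        print(finding)
```

Run it on a real saslauthd.conf by reading the file into `parse_saslauthd_conf`; with `check_files=True` it also reports any ldap_tls_* path that saslauthd itself would fail to open. The second rule (plaintext ldap:// with no StartTLS) is there because the fix for the first is usually to switch the URI scheme, and it is easy to do that and forget to keep the transport encrypted.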