Fail to test uid of OpenLDAP with TLS...

Dan White dwhite at olp.net
Wed May 25 10:08:23 EDT 2011


On 25/05/11 10:12 +0700, Nguyen, Quoc Khanh wrote:
>Thanks for your reply. Following your information, I changed
>saslauthd.conf:
>
>ldap_servers: ldap://localhost
>ldap_bind_dn: cn=admin,dc=abc,dc=com
>ldap_bind_pw: 123456789
>ldap_search_base: dc=abc,dc=com
>ldap_start_tls: yes
>ldap_tls_cacert_dir: /var/myCA
>ldap_tls_cacert_file: /var/myCA/cacert.crt
>
>and I started OpenLDAP with parameter:
>
>root at ldap:/usr/local/openldap/libexec# ./slapd -h 'ldap:///'
>
>but it failed... too.
>
>I mean that I just want to encrypt the traffic between Cyrus SASL
>and OpenLDAP. So my config will be:
>
>start OpenLDAP with parameter:
>
>root at ldap:/usr/local/openldap/libexec# ./slapd -h 'ldap:/// ldaps:///' (I
>want to use both 389 and 636 ports)
>
>saslauthd.conf:
>
>ldap_servers: ldaps://localhost
>ldap_bind_dn: cn=admin,dc=abc,dc=com
>ldap_bind_pw: 123456789
>ldap_search_base: dc=abc,dc=com
>
>Is that correct way?

ldaps:/// should work just as well. STARTTLS would just be another way
to accomplish the same thing.

You might also need 'ldap_tls_check_peer: yes'. The documentation is
unclear if that's needed for both ldaps:/// and starttls over ldap:///.

-- 
Dan White
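As an added example (not part of the thread, and not Cyrus SASL's own code): a small POSIX sh check that reads a saslauthd.conf and says whether the connection to slapd is plaintext, encrypted but unverified, or encrypted with the server certificate checked. It uses the real saslauthd option names (ldap_servers, ldap_start_tls, ldap_tls_check_peer, documented in LDAP_SASLAUTHD, where ldap_tls_check_peer is described as "require and verify server certificate"). The sample configs are constructed from the ones posted above; the function names and the decision to require ldap_tls_check_peer: yes for both ldaps:// and STARTTLS are assumptions made here (the conservative reading, given that the thread notes the documentation is unclear on that point).

```shell
#!/bin/sh
# Added example, not from the thread: classify how a saslauthd.conf talks to
# its LDAP server, using the real saslauthd option names ("key: value" lines).
#
# Prints one of (exit status 0 only for the two verified modes):
#   plaintext            ldap:// with no ldap_start_tls
#   encrypted-unverified ldaps:// or STARTTLS, but ldap_tls_check_peer is not
#                        "yes": the session is encrypted, yet any server
#                        presenting any certificate is accepted
#   ldaps-verified       ldaps:// and ldap_tls_check_peer: yes
#   starttls-verified    ldap:// + ldap_start_tls: yes + ldap_tls_check_peer: yes
# Assumption: the peer check is required for both ldaps:// and STARTTLS.

# Value of a "key: value" line; last occurrence wins; empty if the key is absent.
conf_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//'
}

saslauthd_tls_mode() {
    cfg="$1"
    servers=$(conf_value "$cfg" ldap_servers)
    starttls=$(conf_value "$cfg" ldap_start_tls)
    checkpeer=$(conf_value "$cfg" ldap_tls_check_peer)
    # saslauthd defaults: ldap://localhost/ for the server list, "no" for both booleans.
    [ -n "$servers" ] || servers=ldap://localhost/
    [ -n "$starttls" ] || starttls=no
    [ -n "$checkpeer" ] || checkpeer=no

    has_plain=0
    for uri in $servers; do
        case "$uri" in
            ldaps://*) ;;            # TLS from the first byte
            *) has_plain=1 ;;        # ldap:// (or anything else): TLS only via STARTTLS
        esac
    done

    if [ "$has_plain" -eq 1 ] && [ "$starttls" != yes ]; then
        echo plaintext; return 1
    fi
    if [ "$checkpeer" != yes ]; then
        echo encrypted-unverified; return 1
    fi
    if [ "$has_plain" -eq 1 ]; then echo starttls-verified; else echo ldaps-verified; fi
    return 0
}

# Constructed sample configs modelled on the two posted in the thread, plus a
# plaintext one and two hardened ones (the bind password is the posted value,
# not a real credential). Written into the directory given as $1.
write_sample_configs() {
    d="$1"
    common='ldap_bind_dn: cn=admin,dc=abc,dc=com
ldap_bind_pw: 123456789
ldap_search_base: dc=abc,dc=com'
    printf '%s\nldap_servers: ldap://localhost\n' "$common" > "$d/plain.conf"
    printf '%s\nldap_servers: ldap://localhost\nldap_start_tls: yes\nldap_tls_cacert_file: /var/myCA/cacert.crt\n' "$common" > "$d/starttls-nocheck.conf"
    printf '%s\nldap_servers: ldaps://localhost\n' "$common" > "$d/ldaps-nocheck.conf"
    printf '%s\nldap_servers: ldaps://localhost\nldap_tls_check_peer: yes\nldap_tls_cacert_file: /var/myCA/cacert.crt\n' "$common" > "$d/ldaps-checked.conf"
    printf '%s\nldap_servers: ldap://localhost\nldap_start_tls: yes\nldap_tls_check_peer: yes\nldap_tls_cacert_file: /var/myCA/cacert.crt\n' "$common" > "$d/starttls-checked.conf"
}

# Demo: write the samples into a temp dir and classify each one.
tmp=$(mktemp -d)
write_sample_configs "$tmp"
for f in "$tmp"/*.conf; do
    printf '%-22s %s\n' "$(basename "$f")" "$(saslauthd_tls_mode "$f")"
done
rm -rf "$tmp"
```

Both configs posted in the thread (STARTTLS over ldap://localhost, and plain ldaps://localhost) classify as encrypted-unverified: the wire is encrypted either way, but without ldap_tls_check_peer: yes nothing ties the encrypted session to the CA in ldap_tls_cacert_file. Run it against the live /etc/saslauthd.conf after editing to confirm the change landed.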

