sasl 2.1.9 + LDAPS problem

Kervin L. Pierre kervin at blueprint-tech.com
Sat Oct 19 13:39:34 EDT 2002


Did you say ldapsearch worked on the command line?

'-d -1' if you want all the debug info.

You can also use the openssl commands s_server and s_client for 
debugging ldaps.  That's probably more helpful than ethereal.  'man 
s_server' and 'man s_client' for more info.

PS. For speed, if you have a busy mail server or you're paying for the 
bandwidth ldap uses, how about running a replica on your mail server and 
having saslauthd use '-H ldap://127.0.0.1/' or 'ldapi://' to connect to 
it.  You can use ldaps for replication.  This should speed up your 
config considerably.

--Kervin


Igor Brezac wrote:
> On Wed, 16 Oct 2002, Felix Cuello wrote:
> 
> 
>>Here are the stdout of slapd. What do you think?
>>
> 
> 
> Hmmm, unfortunately this is not telling me much.  It indicates that a
> connection came in, but it is not an ldaps session.  Did you run a
> saslauthd/ldaps session?  You should see a lot more debug info including
> TLS trace.
> 
> I just tested saslauthd/ldaps on sasl-2.1.9 and it works fine.  I used
> openldap 2.1.6 (server and API) which should be more difficult to setup
> because openldap 2.1 API verifies the server certificate and 2.0 does not.
> Someone please correct me if I am wrong. ;)
> 
> -Igor
> 
> 
> 
>>thanks for your time and patience!
>>
>>Felix
>>
>>------------
>>
>>@(#) $OpenLDAP: slapd 2.0.23-Release (Thu Feb 21 12:43:53 EST 2002) $
>>        root at daffy.perf.redhat.com:/usr/src/build/73902-i386/BUILD/openldap-2.0.23/build-krb5/servers/slapd
>>daemon_init: listen on ldap:///
>>daemon_init: listen on ldaps:///
>>daemon_init: 2 listeners to open...
>>ldap_url_parse_ext(ldap:///)
>>daemon: socket() failed errno=97 (Address family not supported by protocol)
>>daemon: initialized ldap:///
>>ldap_url_parse_ext(ldaps:///)
>>daemon: socket() failed errno=97 (Address family not supported by protocol)
>>daemon: initialized ldaps:///
>>daemon_init: 2 listeners opened
>>slapd init: initiated server.
>>slap_sasl_init: initialized!
>>slapd startup: initiated.
>>slapd starting
>>ldap_pvt_gethostbyname_a: host=upsoluciones, r=0
>>daemon: conn=0 fd=10 connection from IP=200.69.213.9:1478
>>(IP=0.0.0.0:31746) accepted.
>>
>>
>>
>>
>>---------------------------------------
>> Felix Cuello <felix at qodiga.com>
>> Qodiga/its   <http://www.qodiga.com>
>>
>>/"\  ASCII Ribbon Campaign
>>\ /  No HTML in mail or news!
>> X
>>/ \
>>---------------------------------------
>>
>>
>>
>>
> 
> 
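The s_server/s_client debugging loop Kervin recommends, as an added example that is not code from this thread: it stands up a throwaway self-signed listener in place of slapd's ldaps port and reads back the "Verify return code" that a certificate-checking client (as Igor notes openldap 2.1 is) would act on. It assumes only the openssl CLI; 127.0.0.1:16636 is an arbitrary local port chosen for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Uses openssl s_server/s_client to
# debug an ldaps-style TLS listener in isolation; 127.0.0.1:16636 stands in
# for slapd's ldaps listener on 636 (assumption, not from the thread).

# Handshake with HOST:PORT and print the numeric "Verify return code".
# CAFILE may be empty; then only the default trust store is consulted,
# which is what a verifying client sees for a self-signed slapd cert.
ldaps_verify_code() {
    host=$1; port=$2; cafile=$3
    if [ -n "$cafile" ]; then
        out=$(openssl s_client -connect "$host:$port" -CAfile "$cafile" </dev/null 2>&1 || true)
    else
        out=$(openssl s_client -connect "$host:$port" </dev/null 2>&1 || true)
    fi
    printf '%s\n' "$out" | sed -n 's/^ *Verify return code: \([0-9]*\).*/\1/p' | head -n 1
}

# Print subject, issuer and validity of the certificate HOST:PORT presents.
ldaps_cert_summary() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -subject -issuer -dates
}

# Start a self-signed TLS listener on PORT; prints the scratch directory,
# which holds cert.pem, key.pem and the server pid.
start_test_server() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1
    openssl s_server -accept "127.0.0.1:$1" -cert "$dir/cert.pem" \
        -key "$dir/key.pem" -quiet >/dev/null 2>&1 &
    echo $! >"$dir/pid"
    for _ in 1 2 3 4 5 6 7 8 9 10; do   # wait until the listener answers
        openssl s_client -connect "127.0.0.1:$1" </dev/null >/dev/null 2>&1 && break
        sleep 1
    done
    echo "$dir"
}

# Run both checks: trusted (cert.pem as CA) verifies with code 0, the
# untrusted handshake reports 18 (self-signed certificate).
run_demo() {
    port=16636
    dir=$(start_test_server "$port")
    trusted=$(ldaps_verify_code 127.0.0.1 "$port" "$dir/cert.pem")
    untrusted=$(ldaps_verify_code 127.0.0.1 "$port" "")
    subject=$(ldaps_cert_summary 127.0.0.1 "$port" | sed -n 's/^subject=//p')
    kill "$(cat "$dir/pid")" 2>/dev/null || true
    rm -rf "$dir"
    echo "trusted=$trusted untrusted=$untrusted subject=$subject"
}
```

Against a real slapd, call ldaps_verify_code with the CA file saslauthd is configured to trust; a non-zero code there is the same failure the 2.1 API would raise silently.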