sasl 2.1.9 + LDAPS problem

Igor Brezac igor at ipass.net
Wed Oct 16 14:18:50 EDT 2002


On Wed, 16 Oct 2002, Felix Cuello wrote:

> > #ldap_tls_check_peer: yes - This can get you in trouble if your
> > certificates are not set up properly on both the ldap server and the
> > client.
>
> I commented this line out... but Cyrus does not recognize IMAP/POP users
> using ldaps
>
> > Does
> > ldapsearch -x -H ldaps://hostname.domain/ -b ou=people,dc=xxxxxxxx,dc=xxx \
> >   -Duid=cyrus,ou=people,dc=xxxxxxx,dc=xxx -W uid=some_username
> > work?
>
> YES!... it does.
>
> mmm.... I'm thinking that it can be an ACL problem, because this query
> retrieved all fields of my user except userPassword. But it is strange,
> because when trying the same ldapsearch using ldap (instead of ldaps),
> userPassword also does not come in the fields, yet cyrus can check the
> user identity [ACL rules are configured to do that]
>

This is probably going to be a problem once saslauthd is able to connect
via ldaps.

> > Have you checked openldap syslog?
>

I need the openldap server syslog messages, you showed me the saslauthd
syslog messages.  Start slapd -d 8.  This will output all the openldap
debug messages to stdout.  Hopefully this will give you some clues as to
why you are not able to connect.

-Igor

> Yes... and look at this:
>
> -----------------
> 1.- When I put this line into my saslauthd.conf:
>
> ldap_servers: ldap://upsoluciones.palermo.edu/
>
> the messages are:
>
> Oct 18 10:56:59 upsoluciones pop3d[23559]: login: upsoluciones[127.0.0.1] fcuell plaintext
>
> And I can check my mail fine!
> ------------------
> 2.- When I put this line into my saslauthd.conf:
>
> ldap_servers: ldaps://upsoluciones.palermo.edu/
>
> the messages are:
>
> Oct 18 11:00:02 upsoluciones saslauthd[23583]: ldap_simple_bind(as uid=cyrus,ou=people,dc=palermo,dc=edu) failed (Can't contact LDAP server)
> Oct 18 11:00:02 upsoluciones saslauthd[23583]: lak_bind() failed
> Oct 18 11:00:02 upsoluciones saslauthd[23583]: AUTHFAIL: user=fcuell service=pop realm=
>
> And I can't check my email.
> ---------------------
>
>
> This is my netstat -antp output (just the lines of the ldap server):
>
> tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN      32365/slapd
> tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN      32365/slapd
>
> ---------------------
>
> What do you think?... I'm really lost with this problem..
>
>
> Thanks a lot for your time!
>
> Felix
> SFMPE == Sorry For My Poor English :-)

-- 
Igor
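The thread turns on one setting: with ldap_servers pointing at ldaps:// and ldap_tls_check_peer commented out, the bind either fails ("Can't contact LDAP server", usually a rejected TLS handshake) or, once it works, the connection is encrypted but the server's certificate is never verified. The following linter is an added example, not code from this thread or from the Cyrus project: it parses a saslauthd.conf and reports that trade-off. Only ldap_servers and ldap_tls_check_peer appear on the page; ldap_tls_cacert_file, ldap_tls_cacert_dir, ldap_start_tls and ldap_bind_dn are taken from saslauthd's LDAP_SASLAUTHD documentation, the default of "no" for ldap_tls_check_peer is assumed, and the sample configs and CA path are constructed.

```python
"""Lint the LDAP section of a saslauthd.conf for TLS peer-verification
problems. Added example; assumes saslauthd's documented key names and a
default of 'no' for ldap_tls_check_peer."""

from dataclasses import dataclass

TRUE_VALUES = {"yes", "true", "on", "1"}


@dataclass(frozen=True)
class Finding:
    severity: str   # "error": binds will likely fail; "warning": weak security
    key: str        # the saslauthd.conf key the finding concerns
    message: str


def parse_saslauthd_conf(text: str) -> dict:
    """Parse 'key: value' lines. Blank lines and '#' comments are skipped,
    so a commented-out '#ldap_tls_check_peer: yes' does NOT set the key,
    which is exactly the situation described in the thread."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def lint_saslauthd_conf(text: str) -> list:
    """Return a list of Finding objects for the given config text."""
    conf = parse_saslauthd_conf(text)
    findings = []

    servers = conf.get("ldap_servers", "").split()
    uses_ldaps = any(s.lower().startswith("ldaps://") for s in servers)
    uses_ldap = any(s.lower().startswith("ldap://") for s in servers)
    check_peer = conf.get("ldap_tls_check_peer", "no").lower() in TRUE_VALUES
    start_tls = conf.get("ldap_start_tls", "no").lower() in TRUE_VALUES
    has_ca = bool(conf.get("ldap_tls_cacert_file") or conf.get("ldap_tls_cacert_dir"))

    if uses_ldaps or start_tls:
        if not check_peer:
            # Encrypted but unauthenticated: the bind password is sent to
            # whichever endpoint answers on 636.
            findings.append(Finding("warning", "ldap_tls_check_peer",
                "TLS is used but the server certificate is not verified; "
                "saslauthd cannot tell it reached the real LDAP server "
                "before sending the bind password."))
        elif not has_ca:
            # Verification is on but nothing to verify against: the
            # handshake is rejected and the bind never happens.
            findings.append(Finding("error", "ldap_tls_cacert_file",
                "ldap_tls_check_peer is on but no ldap_tls_cacert_file / "
                "ldap_tls_cacert_dir is configured; the TLS handshake will "
                "fail and binds will not get as far as authentication."))

    if uses_ldap and not start_tls:
        findings.append(Finding("warning", "ldap_servers",
            "ldap:// without ldap_start_tls: the bind DN password and user "
            "lookups cross the network in clear text."))

    return findings


# Constructed sample configs (not the poster's real file).
CONF_FROM_THREAD = """\
ldap_servers: ldaps://upsoluciones.palermo.edu/
#ldap_tls_check_peer: yes
ldap_bind_dn: uid=cyrus,ou=people,dc=palermo,dc=edu
"""

CONF_HARDENED = """\
ldap_servers: ldaps://upsoluciones.palermo.edu/
ldap_tls_check_peer: yes
ldap_tls_cacert_file: /etc/ssl/certs/example-ca.pem   # placeholder path
ldap_bind_dn: uid=cyrus,ou=people,dc=palermo,dc=edu
"""

CONF_CLEARTEXT = """\
ldap_servers: ldap://upsoluciones.palermo.edu/
ldap_bind_dn: uid=cyrus,ou=people,dc=palermo,dc=edu
"""

if __name__ == "__main__":
    for name, conf in [("thread", CONF_FROM_THREAD),
                       ("hardened", CONF_HARDENED),
                       ("cleartext", CONF_CLEARTEXT)]:
        print(f"== {name} ==")
        for f in lint_saslauthd_conf(conf) or [Finding("ok", "-", "no findings")]:
            print(f"[{f.severity}] {f.key}: {f.message}")
```

Run against the thread's config the linter reports the unverified-peer warning; the hardened variant (peer check on, CA file configured) is clean, and the ldap:// variant from step 1 of the poster's test is flagged as clear text.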