sasl 2.1.9 + LDAPS problem

Felix Cuello felix at qodiga.com
Wed Oct 16 13:06:32 EDT 2002


> #ldap_tls_check_peer: yes - This can get you in trouble if your
> certificates are not setup properly on both the ldap server and the
> client.

I had commented out this line... but Cyrus does not recognize IMAP/POP users
using ldaps

> Does
> ldapsearch -x -H ldaps://hostname.domain/ -b ou=people,dc=xxxxxxxx,dc=xxx \
>   -Duid=cyrus,ou=people,dc=xxxxxxx,dc=xxx -W uid=some_username
> work?

YES!... it does.

Hmm... I'm thinking that it could be an ACL problem, because this query
retrieved all fields of my user except userPassword. But that is strange,
because trying the same ldapsearch using ldap (instead of ldaps),
userPassword does not come in the fields, but Cyrus can check the user
identity [the ACL rules are configured to do that]

> Have you checked openldap syslog?

Yes... and look at this:

-----------------
1.- when I put this line into my saslauthd.conf

ldap_servers: ldap://upsoluciones.palermo.edu/

the messages are:

Oct 18 10:56:59 upsoluciones pop3d[23559]: login: upsoluciones[127.0.0.1] fcuell plaintext

And I can check my mail fine!.
------------------
2.- When I put this line into my saslauthd.conf

ldap_servers: ldaps://upsoluciones.palermo.edu/

the messages are:

Oct 18 11:00:02 upsoluciones saslauthd[23583]: ldap_simple_bind(as uid=cyrus,ou=people,dc=palermo,dc=edu) failed (Can't contact LDAP server)
Oct 18 11:00:02 upsoluciones saslauthd[23583]: lak_bind() failed
Oct 18 11:00:02 upsoluciones saslauthd[23583]: AUTHFAIL: user=fcuell service=pop realm=

And I can't check my email
---------------------


This is my netstat -antp output (just the lines of the ldap server)

tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN     32365/slapd
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN     32365/slapd

---------------------

What do you think?... I'm really lost with this problem..


Thanks a lot for your time!

Felix
SFMPE == Sorry For My Poor English :-)