sasl 2.1.9 + LDAPS problem

Igor Brezac igor at ipass.net
Tue Oct 15 18:14:41 EDT 2002


On Tue, 15 Oct 2002, Felix Cuello wrote:

> Hello,
>
>    Well... SASL 2.1.9 didn't solve my problem... then... I have a
> configuration problem.
>
>    I'm actually running Cyrus 2.1.9, SASL 2.1.9 and OpenLDAP
> 2.0.23-4, all this on a Red Hat 7.3...
>
>    In my /usr/local/etc/saslauthd.conf, I have these lines:
>
> # doesn't work with ldap_servers: ldap://localhost
> # doesn't work with ldap_servers: ldaps://hostnamedomain:636
> ldap_servers: ldap://hostname.domain/
> ldap_bind_dn: uid=cyrus,ou=people,dc=xxxxxxx,dc=xxx
> ldap_bind_pw: xxxxxxxxxxx
> ldap_search_base: ou=people,dc=xxxxxxxx,dc=xxx
> ldap_tls_check_peer: yes
> ldap_tls_cacert_file: certificate.pem
> ldap_tls_cacert_dir: /usr/share/ssl/certs/
>

ldaps should work, someone recently reported that ldaps worked against
Novell NDS.  Try,

ldap_servers: ldaps://hostname.domain/
ldap_bind_dn: uid=cyrus,ou=people,dc=xxxxxxx,dc=xxx
ldap_bind_pw: xxxxxxxxxxx
ldap_search_base: ou=people,dc=xxxxxxxx,dc=xxx
ldap_tls_cacert_file: /usr/share/ssl/certs/certificate.pem

#ldap_tls_check_peer: yes - This can get you in trouble if your
certificates are not set up properly on both the LDAP server and the
client.

Does
ldapsearch -x -H ldaps://hostname.domain/ -b ou=people,dc=xxxxxxxx,dc=xxx \
-Duid=cyrus,ou=people,dc=xxxxxxx,dc=xxx -W uid=some_username
work?

Have you checked the OpenLDAP syslog?

-Igor

> --------------------
>
> I tried some tests, like:
>
> stunnel     ldap ---------------> ldaps
>
> and that works fine... because saslauthd tries to connect to a simple LDAP
> server and stunnel does the rest with the LDAPS server...
>
> But I don't want to use stunnel, because it is a little bit unstable..
>
>
> thanks a lot and sorry for my poor English :-)
>
>
> Felix
>
>
>
>

-- 
Igor
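The two configurations in this thread differ in three security-relevant ways: the URI scheme (plain ldap:// sends the simple-bind password for uid=cyrus in the clear), whether ldap_tls_cacert_file is an absolute path, and whether ldap_tls_check_peer is on at all (saslauthd defaults it to no, so the suggested config above connects over TLS but never verifies who it is talking to). The script below is an added example, not code from the thread, from Cyrus or from saslauthd: it parses saslauthd.conf's key: value format and reports those pitfalls. The three sample configs are constructed from the redacted values quoted above, and the file-existence check is injectable so it runs without the real CA file.

```python
"""Lint the LDAP/TLS settings of a saslauthd.conf for the pitfalls discussed
in the thread: plaintext ldap:// with a bind password, a relative
ldap_tls_cacert_file, a missing CA file, and peer checking left off.

Added example; not part of the original post, Cyrus or saslauthd.
"""
import os
from urllib.parse import urlsplit

# Constructed from Felix's quoted config (hostnames/DNs are the thread's redactions).
ORIGINAL_CONF = """\
# doesn't work with ldap_servers: ldap://localhost
ldap_servers: ldap://hostname.domain/
ldap_bind_dn: uid=cyrus,ou=people,dc=xxxxxxx,dc=xxx
ldap_bind_pw: xxxxxxxxxxx
ldap_search_base: ou=people,dc=xxxxxxxx,dc=xxx
ldap_tls_check_peer: yes
ldap_tls_cacert_file: certificate.pem
ldap_tls_cacert_dir: /usr/share/ssl/certs/
"""

# Constructed from Igor's suggestion: ldaps, absolute CA path, peer check commented out.
SUGGESTED_CONF = """\
ldap_servers: ldaps://hostname.domain/
ldap_bind_dn: uid=cyrus,ou=people,dc=xxxxxxx,dc=xxx
ldap_bind_pw: xxxxxxxxxxx
ldap_search_base: ou=people,dc=xxxxxxxx,dc=xxx
ldap_tls_cacert_file: /usr/share/ssl/certs/certificate.pem
#ldap_tls_check_peer: yes
"""

# Hypothetical hardened variant: same as above but with peer checking on.
HARDENED_CONF = SUGGESTED_CONF.replace("#ldap_tls_check_peer: yes", "ldap_tls_check_peer: yes")

TRUE_VALUES = {"yes", "true", "on", "1"}


def parse_saslauthd_conf(text):
    """saslauthd.conf is one 'key: value' per line; '#' starts a comment."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            opts[key.strip()] = value.strip()
    return opts


def lint_ldap_tls(opts, file_exists=os.path.isfile):
    """Return a list of (code, message) findings for the LDAP/TLS settings."""
    findings = []
    uris = opts.get("ldap_servers", "").split()
    if not uris:
        findings.append(("NO_SERVERS", "ldap_servers is not set"))
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme == "ldap":
            # Simple bind puts ldap_bind_pw on the wire; plain ldap:// exposes it.
            findings.append(("PLAINTEXT_URI", f"{uri}: bind password sent in the clear; use ldaps://"))
        elif parts.scheme != "ldaps":
            findings.append(("BAD_SCHEME", f"{uri}: expected ldap:// or ldaps://"))
        elif parts.hostname in (None, "localhost", "127.0.0.1"):
            # A certificate issued to the server's DNS name cannot match 'localhost'.
            findings.append(("TLS_LOCALHOST", f"{uri}: peer check cannot match a server cert against localhost"))

    cafile = opts.get("ldap_tls_cacert_file")
    cadir = opts.get("ldap_tls_cacert_dir")
    if cafile and not os.path.isabs(cafile):
        # saslauthd runs as a daemon; a relative path resolves against its cwd, not the conf dir.
        findings.append(("RELATIVE_CACERT", f"ldap_tls_cacert_file '{cafile}' is relative; use an absolute path"))
    elif cafile and not file_exists(cafile):
        findings.append(("MISSING_CACERT", f"ldap_tls_cacert_file '{cafile}' does not exist"))

    check_peer = opts.get("ldap_tls_check_peer", "no").lower() in TRUE_VALUES
    if any(urlsplit(u).scheme == "ldaps" for u in uris):
        if not check_peer:
            # TLS without verification: anyone who can intercept the connection
            # can present their own certificate and collect the bind password.
            findings.append(("PEER_CHECK_OFF", "ldap_tls_check_peer is off; the server certificate is never verified"))
        elif not (cafile or cadir):
            findings.append(("NO_TRUST_ANCHOR", "ldap_tls_check_peer: yes but no cacert file or dir configured"))
    return findings


if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL_CONF), ("suggested", SUGGESTED_CONF), ("hardened", HARDENED_CONF)):
        print(f"== {name}")
        for code, msg in lint_ldap_tls(parse_saslauthd_conf(conf)):
            print(f"  {code}: {msg}")
```

Run it against a real saslauthd.conf by reading the file into parse_saslauthd_conf; the default file_exists then checks the CA path on disk. Treat PEER_CHECK_OFF as the finding to clear before going to production, not as a tolerable workaround: once the server's certificate chain is in the CA file named by ldap_tls_cacert_file, ldap_tls_check_peer: yes is what makes the ldaps:// connection worth having.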