problems with secure LDAP
tsg at bugalux.com
Thu Jul 24 09:47:45 EDT 2003
On 24 July 2003 13:36, Ana Ribas/Upcnet wrote:
> I've been able to configure saslauthd with ldap authentication against my
> Lotus Domino eDirectory.
> My Cyrus IMAP server works fine too.
> I've created the mailboxes and the users can send and receive mail
> Now, my following step is try to configure saslauthd for secure ldap.
> And, of course, it's my new problem.
> My configuration with ldaps is the following:
ldap_tls_check_peer: yes # only if you are going to check both certs, server and client
ldap_tls_cacert_file: full path to the CA cert
ldap_tls_cert: /var/imap/server.pem # better to have different ones in a real production environment
ldap_tls_key: /var/imap/server.pem
and your LDAP server must listen on the ldaps port (all certificates should be
You can get all the conf files to make a secure mail server
Do not forget the last slash!
> ldap_servers: ldap://myserver.upc.es:636/
> ldap_port: 636
> ldap_tls_check_peer: yes
> ldap_tls_cacert_file: escert.pem
> ldap_tls_cacert_dir: /var/imap/certs
> ldap_tls_cert: /var/imap/server.pem
> ldap_tls_key: /var/imap/server.pem
> And this is the response when I run the test and the ldapsearch:
> > saslauthd -a ldap
> > testsaslauthd -u juanito -p juanito
> 0: NO "authentication failed"
> > ldapsearch -v -p 636 -h myserver.upc.es -b "O=lcx" "(cn=usuari proves1)"
> ldap_init( myserver.upc.es, 636 )
> filter pattern: (cn=usuari proves1)
> returning: ALL
> filter is: ((cn=usuari proves1))
> ldap_result: Can't contact LDAP server
> The auth.log file results:
> Jul 24 12:49:52 delius saslauthd: [ID 285309 auth.info] detach_tty : master pid is: 22180
> Jul 24 12:49:52 delius saslauthd: [ID 285309 auth.info] ipc_init : listening on socket: /var/run/saslauthd/mux
> Jul 24 12:50:22 delius saslauthd: [ID 286158 auth.warning] Unable to set LDAP_OPT_X_TLS_CACERTFILE (Unknown error).
> Jul 24 12:50:22 delius saslauthd: [ID 948958 auth.warning] Unable to set LDAP_OPT_X_TLS_CACERTDIR (Unknown error).
> Jul 24 12:50:22 delius saslauthd: [ID 809616 auth.warning] Unable to set LDAP_OPT_X_TLS_REQUIRE_CERT (Unknown error).
> Jul 24 12:50:22 delius saslauthd: [ID 390630 auth.warning] Unable to set LDAP_OPT_X_TLS_CERTFILE (Unknown error).
> Jul 24 12:50:22 delius saslauthd: [ID 621624 auth.warning] Unable to set LDAP_OPT_X_TLS_KEYFILE (Unknown error).
> Jul 24 12:51:23 delius imapd: [ID 702911 auth.warning] Could not find a dlname line in .la file: libotp.la
> Jul 24 12:55:22 delius saslauthd: [ID 390612 auth.warning] ldap_simple_bind() failed as anonymous (Can't contact LDAP server)
> Jul 24 12:55:22 delius saslauthd: [ID 462440 auth.warning] lak_bind() failed
> Jul 24 12:55:22 delius saslauthd: [ID 285309 auth.info] do_auth : auth failure: [user=juanito] [service=imap] [realm=] [mech=ldap]
> I'm sure the paths and names of the certificates are correct, but saslauthd seems
> unable to set them and I don't know why.
> When I compiled SASL 2.1.15, days ago, I included the option
> What can I do now?
> Thanks in advance.
> - ANNA -
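Added example for this thread, not code from the posters or from Cyrus SASL: a small Python linter for the LDAP/TLS keys of a saslauthd.conf. It flags the points raised in the reply (trailing slash on the ldap_servers URI, full paths for the certificate files, a separate client cert and key instead of reusing server.pem) and one the thread only shows indirectly: an ldap:// URI aimed at port 636 makes libldap speak plaintext LDAP to the port where the server expects TLS, which is the same thing the quoted ldapsearch -h/-p 636 call does and gives the same "Can't contact LDAP server". The posted configuration is embedded as a constructed sample; the corrected file names under /var/imap are assumptions, not paths from the thread. The "Unable to set LDAP_OPT_X_TLS_*" warnings are outside what a file check can catch: they mean ldap_set_option rejected the option, and a libldap built without TLS support is one common reason, which has to be checked on the host.

```python
"""Lint the LDAP/TLS keys of a saslauthd.conf for the mistakes discussed above.

Added example for this thread; not code from Cyrus SASL. It checks the text of
the configuration only, not whether libldap on the host was built with TLS.
"""
import os
from urllib.parse import urlsplit

LDAPS_PORT = 636

# Constructed sample: the configuration as posted in the thread.
POSTED_CONF = """\
ldap_servers: ldap://myserver.upc.es:636/
ldap_port: 636
ldap_tls_check_peer: yes
ldap_tls_cacert_file: escert.pem
ldap_tls_cacert_dir: /var/imap/certs
ldap_tls_cert: /var/imap/server.pem
ldap_tls_key: /var/imap/server.pem
"""

# Constructed sample: the same configuration with each finding addressed.
# The client cert/key file names are assumptions, not paths from the thread.
FIXED_CONF = """\
ldap_servers: ldaps://myserver.upc.es:636/
ldap_tls_check_peer: yes
ldap_tls_cacert_file: /var/imap/certs/escert.pem
ldap_tls_cert: /var/imap/saslauthd-client-cert.pem   # not the IMAP server cert
ldap_tls_key: /var/imap/saslauthd-client-key.pem
"""


def parse_saslauthd_conf(text):
    """Parse 'key: value' lines into a dict; '#' starts a comment, keys are lowercased."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip().lower()] = value.strip()
    return conf


def lint_ldap_tls(conf, check_files=False):
    """Return a list of (code, message) findings for the LDAP/TLS settings.

    check_files=True additionally requires every absolute path to exist; it is
    off by default because the sample paths do not exist on this machine.
    """
    findings = []
    start_tls = conf.get("ldap_start_tls", "no").lower() == "yes"

    # ldap_servers is a whitespace-separated list of URIs.
    for uri in conf.get("ldap_servers", "").split():
        parts = urlsplit(uri)
        if not uri.endswith("/"):
            findings.append(("no-trailing-slash", f"{uri}: URI must end with '/'"))
        # ldap:// is plaintext unless STARTTLS is negotiated; port 636 expects TLS
        # from the first byte, so this combination never completes a bind.
        if parts.scheme == "ldap" and parts.port == LDAPS_PORT and not start_tls:
            findings.append(("plaintext-on-636",
                             f"{uri}: plaintext ldap:// to the ldaps port; use ldaps:// "
                             "(or ldap_start_tls: yes on the plain port)"))

    # Verifying the server certificate needs a trust anchor to verify against.
    check_peer = conf.get("ldap_tls_check_peer", "no").lower() == "yes"
    if check_peer and not (conf.get("ldap_tls_cacert_file") or conf.get("ldap_tls_cacert_dir")):
        findings.append(("check-peer-without-ca",
                         "ldap_tls_check_peer is yes but no CA cert file or dir is set"))

    # Relative paths are resolved against the daemon's working directory, not the
    # directory of the config file, so they usually point at nothing.
    for key in ("ldap_tls_cacert_file", "ldap_tls_cacert_dir", "ldap_tls_cert", "ldap_tls_key"):
        path = conf.get(key)
        if path is None:
            continue
        if not os.path.isabs(path):
            findings.append(("relative-path", f"{key}: {path} is not an absolute path"))
        elif check_files and not os.path.exists(path):
            findings.append(("missing-file", f"{key}: {path} does not exist"))

    # Reusing the IMAP server's own cert/key as the LDAP client identity works but
    # spreads that private key across roles; the reply recommends separate ones.
    cert, key = conf.get("ldap_tls_cert"), conf.get("ldap_tls_key")
    if cert and key and cert == key:
        findings.append(("cert-key-same",
                         f"ldap_tls_cert and ldap_tls_key both point at {cert}; "
                         "use a dedicated client cert and key"))
    return findings


if __name__ == "__main__":
    for label, text in (("posted", POSTED_CONF), ("fixed", FIXED_CONF)):
        print(f"== {label} ==")
        for code, msg in lint_ldap_tls(parse_saslauthd_conf(text)):
            print(f"[{code}] {msg}")
```

Run it once against the real file (`lint_ldap_tls(parse_saslauthd_conf(open("/etc/saslauthd.conf").read()), check_files=True)`) as the saslauthd user so that the existence checks see the same permissions the daemon does. The transport itself can be checked independently of saslauthd with `ldapsearch -H ldaps://myserver.upc.es:636/ -b "O=lcx" "(cn=usuari proves1)"`; if that also fails while a plain `-H ldap://...:389/` works, the problem is in the TLS layer, not in the saslauthd configuration.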
More information about the Info-cyrus