Unable to authenticate with LDAPs
Ana Ribas/Upcnet
ana.ribas at upcnet.es
Tue Sep 9 08:16:42 EDT 2003
Hi,
Here I am again with my LDAP tests.
At the moment my situation is the following:
I've installed this software:
Solaris 8
Cyrus IMAP 2.1.13
Cyrus SASL 2.1.15
OpenLDAP 2.1.22 libraries
OpenSSL 0.9.6
Saslauthd works fine with ldap authentication against my Lotus Domino
eDirectory.
My Cyrus IMAP server and my LDAP server aren't on the same machine.
Now, in my next step, I can't authenticate saslauthd with ldaps.
I'm sure the CA certificate is correct and my LDAP server accepts SSL
connections because I can consult the LDAP directory from other types of
clients like Netscape 7 or Explorer 6.
This is my /usr/local/etc/saslauthd.conf :
#ldap_servers: ldap://myserver.upc.es/
ldap_servers: ldaps://myserver.upc.es/
ldap_bind_dn: cn=UsuariProves1,o=LCX
ldap_bind_pw: contrasenya
ldap_filter: (&(cn=%u) (objectclass=person))
ldap_tls_cacert_file: /var/imap/certs/escert.cer --> I've also tested
with the escert.pem file but the result is the same
This is the response when I run the test:
> saslauthd -a ldap
> testsaslauthd -u usuariproves1 -p contrasenya
0: NO "authentication failed"
and the results in the /var/log/auth.log file:
Sep 9 13:40:58 delius saslauthd[1260]: [ID 390612 auth.warning] ldap_simple_bind() failed as cn=UsuariProves1,o=LCX (Can't contact LDAP server)
Sep 9 13:40:58 delius saslauthd[1260]: [ID 462440 auth.warning] lak_bind() failed
Sep 9 13:40:58 delius saslauthd[1260]: [ID 285309 auth.info] do_auth : auth failure: [user=usuariproves1] [service=imap] [realm=] [mech=ldap] [reason=Unknown]
Sep 9 13:40:58 delius last message repeated 1 time
Sep 9 13:40:58 delius saslauthd[1260]: [ID 286158 auth.warning] Unable to set LDAP_OPT_X_TLS_CACERTFILE (Unknown error).
My Domino LDAP directory has the following parameters related to ports:
TCP/IP port number: 389
TCP/IP port status: Enabled
  Authentication options:
    Name & password: Yes
    Anonymous: No
SSL port number: 636
SSL port status: Enabled
  Authentication options:
    Client certificate: No
    Name & password: Yes
    Anonymous: No
Can someone help me, please?
Thanks in advance.
- ANNA -