Saslauthd with ldaps

Paul van der Vlis paul at
Fri Jun 3 08:35:52 EDT 2005

Igor Brezac wrote:
> On Wed, 1 Jun 2005, Paul van der Vlis wrote:
>> Hello,
>> I want to authenticate to a Novell NDS from saslauthd on a Debian Sarge
>> machine.
>> This works fine:
>> ldapsearch -x -b "cn=paulvdv,o=wlg" -D "cn=paulvdv,o=wlg"
>>    -w secret -H ldaps://
>> This is my saslauthd.conf:
>> --------
>> ldap_servers: ldaps://
>> ldap_tls_cert: /home/paul/.cert/cacert.pem
>> ldap_tls_key: /home/paul/.cert/privkey.pem
> It appears you are specifying ca cert as the client cert.  Is this what
> you want?  

No, I want to authenticate over an encrypted connection, that's all.

> Your configuration does not require client cert so you should
> remove those params.  Perhaps you wanted to specify
> ldap_tls_cacert_(file|dir)?

We have it working now with something like:

ldap_servers: ldaps://
ldap_auth_method: fastbind
ldap_tls_cacert_file: /path/to/rootcert.pem
ldap_filter: cn=%u,o=wlg

The rootcert.pem is the root-certificate of the Novell server.

A problem is: there are 2 Novell servers that together are the
e-directory, can we use 2 root-certificates?

>> ldap_search_base: cn=paulvdv,o=wlg
>> ldap_filter: cn=%u,o=wlg
> Have you tried this filter in the ldapsearch above?  This does not look
> right.

We've removed the ldap_search_base and added the fastbind, this looks right.

Thanks for your help. If you think it could be better, please tell...

With regards,
Paul van der Vlis.
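
Added example, not part of the original message or of Cyrus SASL: a small Python check that reads a saslauthd.conf and flags the three issues raised in this thread (no CA trust anchor for ldaps, client certificate parameters that are not needed, a DN template used as a search filter). It assumes that `bind` is the default `ldap_auth_method` and that fastbind binds directly as the DN built from `ldap_filter`; the finding names and the host `ldap.example.invalid` are hypothetical placeholders.

```python
import re

# Constructed sample inputs modelled on the two configurations in the thread;
# the server host is a placeholder (the archive elides the real one).
BEFORE = """\
ldap_servers: ldaps://ldap.example.invalid
ldap_tls_cert: /home/paul/.cert/cacert.pem
ldap_tls_key: /home/paul/.cert/privkey.pem
ldap_search_base: cn=paulvdv,o=wlg
ldap_filter: cn=%u,o=wlg
"""
AFTER = """\
ldap_servers: ldaps://ldap.example.invalid
ldap_auth_method: fastbind
ldap_tls_cacert_file: /path/to/rootcert.pem
ldap_filter: cn=%u,o=wlg
"""

def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf

def lint(text):
    """Return finding codes (hypothetical names) for the issues in the thread."""
    conf, findings = parse_conf(text), []
    uses_tls = "ldaps://" in conf.get("ldap_servers", "")
    has_ca = "ldap_tls_cacert_file" in conf or "ldap_tls_cacert_dir" in conf
    # Assumption: 'bind' is the default auth method when none is set.
    fastbind = conf.get("ldap_auth_method", "bind") == "fastbind"
    filt = conf.get("ldap_filter", "")
    # A value like cn=%u,o=wlg is a DN template, not a search filter.
    dn_like = bool(re.fullmatch(r"[A-Za-z]+=[^,()]+(,[A-Za-z]+=[^,()]+)+", filt))
    if uses_tls and not has_ca:
        findings.append("no-ca-trust-anchor")       # nothing names the server's CA
    if "ldap_tls_cert" in conf or "ldap_tls_key" in conf:
        findings.append("client-cert-configured")   # only for client-cert auth
    if dn_like and not fastbind:
        findings.append("dn-used-as-search-filter")
    if fastbind and "ldap_search_base" in conf:
        findings.append("search-base-unused-with-fastbind")
    return findings

if __name__ == "__main__":
    print("before:", lint(BEFORE))
    print("after: ", lint(AFTER))
```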


More information about the Info-cyrus mailing list