Authenticating with LDAP tree ...

Garry garry at glendown.de
Mon Jul 13 02:18:46 EDT 2009


Hi,

I'm trying to authenticate users against an LDAP database ... now, I
already have that running on several servers that use the "normal" tree
setup, something like "cn=username,ou=somebranch,ou=domain,ou=tld", with
a search_base of ou=domain,ou=tld. The place I'm trying to configure it
for now is using a - AFAICT - rather unusual schema, as they have a tree
that uses multiple top level o=, and start underneath there, so there
may be user entries like

	cn=user1,ou=USERS,o=branch1
and	cn=user2,ou=USERS,o=branch2

(historically, ldap trees from several locations were just merged
together, which led to this)

How can I get SASL to search in such a configuration? I already tried a
"ou=USERS,o=*" syntax, which I didn't expect to work (and it didn't)

Also, I know that saslauthd or other apps will need to check the
resulting username/pw, so I tried binding with the DN and PW of an
account, resulting in a "Confidentiality required" ... using ldaps://
notation didn't work, as the remote server (Novell eDirectory) probably
isn't configured for that, and -Z for TLS also fails with

ldap_start_tls: Server is unavailable (52)
        additional info: TLS services are not available

From what I can find, the message should come up if the server is
configured for requiring secure queries, but then I would expect it to
also be configured to SUPPORT either one of the methods ...

Help appreciated,

-garry
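An added saslauthd.conf fragment (not the poster's configuration) showing one way to let the LDAP search cover every o= branch: leave the search base unset, so it defaults to the empty DN (the tree root), and use subtree scope. It assumes eDirectory permits subtree searches from the empty base, that user entries are inetOrgPerson, and uses placeholder host and service-account values.

```ini
# saslauthd.conf (ldap mechanism), added example with placeholder values.
ldap_servers: ldap://ldap.example.invalid/

# ldap_search_base is deliberately NOT set: its default is the empty DN,
# i.e. the tree root, so with sub scope one search spans
# cn=user1,ou=USERS,o=branch1 and cn=user2,ou=USERS,o=branch2 alike.
# Assumption: the directory allows subtree searches from the empty base.
ldap_scope: sub

# %u is replaced by the login name. objectClass restriction is an
# assumption about the user entries; adjust to the local schema.
ldap_filter: (&(objectClass=inetOrgPerson)(cn=%u))

# Search with a read-only service account (placeholder DN), then re-bind
# as the DN that was found to verify the password.
ldap_auth_method: bind
ldap_bind_dn: cn=saslauthd,ou=SERVICES,o=branch1
ldap_bind_pw: REPLACE_WITH_SERVICE_PASSWORD

# A server that answers "Confidentiality required" will not accept the
# password bind in the clear; switch this to yes once the directory
# actually offers STARTTLS, and keep peer verification on.
ldap_start_tls: no
ldap_tls_check_peer: yes
```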