Authenticating with LDAP tree ...
Garry
garry at glendown.de
Mon Jul 13 02:18:46 EDT 2009
Hi,
I'm trying to authenticate users against an LDAP database ... now, I
already have that running on several servers that use the "normal" tree
setup, something like "cn=username,ou=somebranch,ou=domain,ou=tld", with
a search_base of ou=domain,ou=tld. The place I'm trying to configure it
for now is using a - AFAICT - rather unusual schema, as they have a tree
that uses multiple top level o=, and start underneath there, so there
may be user entries like
cn=user1,ou=USERS,o=branch1
and cn=user2,ou=USERS,o=branch2
(historically, ldap trees from several locations were just merged
together, which led to this)
How can I get SASL to search in such a configuration? I already tried a
"ou=USERS,o=*" syntax, which I didn't expect to work (and it didn't)
Also, I know that saslauthd or other apps will need to check the
resulting username/pw, so I tried binding with the DN and PW of an
account, resulting in a "Confidentiality required" ... using ldaps://
notation didn't work, as the remote server (Novell eDirectory) probably
isn't configured for that, and -Z for TLS also fails with
ldap_start_tls: Server is unavailable (52)
additional info: TLS services are not available
From what I can find, the message should come up if the server is
configured for requiring secure queries, but then I would expect it to
also be configured to SUPPORT either one of the methods ...
Help appreciated,
-garry
More information about the Info-cyrus
mailing list