> #ldap_tls_check_peer: yes - This can get you in trouble if your
> certificates are not setup properly on both the ldap server and the
> client.

I commented out this line... but Cyrus does not recognize IMAP/POP users using ldaps.

> Does
> ldapsearch -x -H ldaps://hostname.domain/ -b ou=people,dc=xxxxxxxx,dc=xxx \
> -Duid=cyrus,ou=people,dc=xxxxxxx,dc=xxx -W uid=some_username
> work?

YES!... it does. Hmm... I'm thinking that it could be an ACL problem, because this query retrieved all fields of my user except userPassword. But that is strange, because when trying the same ldapsearch using ldap (instead of ldaps), userPassword does not come in the fields, but Cyrus can check the user identity [the ACL rules are configured to do that].

> Have you checked openldap syslog?

Yes... and look at this:

-----------------
1.- When I put this line into my saslauthd.conf

ldap_servers: ldap://upsoluciones.palermo.edu/

the messages are:

Oct 18 10:56:59 upsoluciones pop3d[23559]: login: upsoluciones[127.0.0.1] fcuell plaintext

And I can check my mail fine!

------------------
2.- When I put this line into my saslauthd.conf

ldap_servers: ldaps://upsoluciones.palermo.edu/

the messages are:

Oct 18 11:00:02 upsoluciones saslauthd[23583]: ldap_simple_bind(as uid=cyrus,ou=people,dc=palermo,dc=edu) failed (Can't contact LDAP server)
Oct 18 11:00:02 upsoluciones saslauthd[23583]: lak_bind() failed
Oct 18 11:00:02 upsoluciones saslauthd[23583]: AUTHFAIL: user=fcuell service=pop realm=

And I can't check my email.

---------------------
This is my netstat -antp output (just the lines for the LDAP server):

tcp        0      0 0.0.0.0:389        0.0.0.0:*        LISTEN      32365/slapd
tcp        0      0 0.0.0.0:636        0.0.0.0:*        LISTEN      32365/slapd

---------------------

What do you think?... I'm really lost with this problem.

Thanks a lot for your time!

Felix

SFMPE == Sorry For My Poor English :-)