Igor Brezac wrote:
>
> On Wed, 1 Jun 2005, Paul van der Vlis wrote:
>
>> Hello,
>>
>> I want to authenticate to a Novell NDS from saslauthd on a Debian Sarge
>> machine.
>>
>> This works fine:
>> ldapsearch -x -b "cn=paulvdv,o=wlg" -D "cn=paulvdv,o=wlg"
>> -w secret -H ldaps://firewall.domain.nl:636
>>
>> This is my saslauthd.conf:
>> --------
>> ldap_servers: ldaps://firewall.domain.nl:636/
>> ldap_tls_cert: /home/paul/.cert/cacert.pem
>> ldap_tls_key: /home/paul/.cert/privkey.pem
>
> It appears you are specifying ca cert as the client cert. Is this what
> you want?

No, I want to authenticate over an encrypted connection, that's all.

> Your configuration does not require client cert so you should
> remove those params. Perhaps you wanted to specify
> ldap_tls_cacert_(file|dir)?

We have it working now with something like:
--------
ldap_servers: ldaps://firewall.domain.nl/
ldap_auth_method: fastbind
ldap_tls_cacert_file: /path/to/rootcert.pem
ldap_filter: cn=%u,o=wlg
--------
The rootcert.pem is the root-certificate of the Novell server.

A problem is: there are 2 Novell servers which together are the e-directory, can we use 2 root-certificates?

>> ldap_search_base: cn=paulvdv,o=wlg
>> ldap_filter: cn=%u,o=wlg
>
> Have you tried this filter in the ldapsearch above? This does not look
> right.

We've removed the ldap_search_base and added the fastbind, this looks right.

Thanks for your help. If you think it could be better, please tell...

With regards,
Paul van der Vlis.

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
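An added example, not part of the thread or of Cyrus SASL: the file named by ldap_tls_cacert_file is read by the OpenLDAP client library, which accepts several PEM CA certificates concatenated in one file, so the roots of both servers can share one bundle. The script below builds such a bundle and runs a heuristic lint over a saslauthd.conf for the two issues raised above; the function names, file names and PEM bodies are constructed for illustration.

```shell
# Added example, not from the thread. File names and PEM bodies are constructed.

# count_certs FILE: print the number of PEM certificate blocks in FILE.
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# make_ca_bundle OUT ROOT...: concatenate root certificates into OUT.
# Rejects inputs holding a private key or no certificate at all.
make_ca_bundle() {
    out=$1; shift
    : > "$out" || return 1
    for pem in "$@"; do
        if grep -q -- 'PRIVATE KEY-----' "$pem"; then
            echo "refusing $pem: contains a private key" >&2; return 1
        fi
        grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
            { echo "no certificate in $pem" >&2; return 1; }
        cat "$pem" >> "$out"
        # Add a newline if the input lacks one, so the next BEGIN line stays intact.
        [ -z "$(tail -c 1 "$pem")" ] || echo >> "$out"
    done
}

# check_conf FILE: heuristic lint for the two issues raised in the thread.
check_conf() {
    rc=0
    if grep -q '^ldap_servers:.*ldaps://' "$1" &&
       ! grep -Eq '^ldap_tls_cacert_(file|dir):' "$1"; then
        echo "$1: ldaps:// server but no ldap_tls_cacert_file/_dir" >&2; rc=1
    fi
    if grep -Eq '^ldap_tls_(cert|key):' "$1"; then
        echo "$1: client cert/key set; only needed for client-certificate auth" >&2; rc=1
    fi
    return $rc
}

# Demo on constructed inputs (placeholder bodies, not real certificates).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
for n in 1 2; do
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "Q09OU1RSVUNURUQ$n" \
        '-----END CERTIFICATE-----' > "$tmp/root$n.pem"
done
make_ca_bundle "$tmp/bundle.pem" "$tmp/root1.pem" "$tmp/root2.pem"
printf '%s\n' 'ldap_servers: ldaps://firewall.domain.nl/' 'ldap_auth_method: fastbind' \
    "ldap_tls_cacert_file: $tmp/bundle.pem" 'ldap_filter: cn=%u,o=wlg' > "$tmp/good.conf"
printf '%s\n' 'ldap_servers: ldaps://firewall.domain.nl:636/' \
    'ldap_tls_cert: /home/paul/.cert/cacert.pem' \
    'ldap_tls_key: /home/paul/.cert/privkey.pem' > "$tmp/old.conf"
check_conf "$tmp/good.conf" && echo "good.conf ok, bundle holds $(count_certs "$tmp/bundle.pem") roots"
check_conf "$tmp/old.conf" || echo "old.conf flagged"
```

The missing-CA check is only a heuristic, since a system-wide OpenLDAP ldap.conf can also supply the trusted CA file.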