----- Original Message Follows -----
From: Peter Schober <[EMAIL PROTECTED]>
To: ldap@listserver.itd.umich.edu
Subject: [ldap] Re: how to use saslauthd.conf with ldaps ?
Date: Wed, 20 Jun 2007 12:32:33 +0200

> * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2007-06-20 09:32]:
> > Thanks Quanah :-) this time saslauthd.conf is
> > trying to communicate with ldaps.
> > but there is a TLS related error. Should I define the TLS
> > related settings too ?
> > what would be the parameters to do that in
> > saslauthd.conf ?
> 
> btw, note that ldaps (as compared to ldap+STARTTLS) has no
> formal specification. see RFC 4513.
> 
> have a look at the file LDAP_SASLAUTHD in your saslauthd
> distribution (e.g. `locate LDAP_SASLAUTHD`). google had
> this one:
>
> http://www.irbs.net/internet/info-cyrus/0207/att-0599/LDAP_SASLAUTHD
> 
> you're probably missing
> 
>   ldap_tls_cacert_dir: /path/to/your/cacerts/

Thanks a lot, but I think I am missing something.

here is my saslauthd.conf working with port 389
==================================
ldap_server: ldap://127.0.0.1:389

#ldap_tls_cert: /etc/openldap/myca/cacert.pem
#ldap_tls_key:  /etc/openldap/myca/serverkey.pem

ldap_bind_dn: cn=Manager,dc=suse,dc=ldap
ldap_bind_pw: secret
ldap_search_base: dc=suse,dc=ldap
ldap_scope: sub

ldap_auth_method: custom
ldap_version: 3
ldap_filter: (|(&([EMAIL PROTECTED])(!(shadowExpire=0)))(&(mail=%u)(!(shadowExpire=*))))
===============================================

and it is working well. now if I change the ldap_server as
ldap_servers: ldaps://127.0.0.1:636

it starts giving error that
================================
ldap_simple_bind() failed -1 (Can't contact LDAP server)
=====================================

I can't figure out what I have missed here :-(


> 
> but possibly others as well (you don't mention if you're
> using simple binds or client certs).
> there are many other parameters (see file mentioned above)
> allowing for SASL auth, proxy auth, skipping the TLS/SSL
> layer (with appropriate SASL mechs), etc.
> 
> regards,
> -p.schober
> 
> -- 
> [EMAIL PROTECTED] - vienna university computer
> center Universitaetsstrasse 7, A-1010 Wien, Austria/Europe
> Tel. +43-1-4277-14155, Fax. +43-1-4277-9140
> 

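An added example, not part of the original messages or of saslauthd: a small Python check of the TLS-related options discussed in this thread, run over a constructed sample based on the posted configuration. The helper names are hypothetical, the option names are those from the thread and the LDAP_SASLAUTHD file, and the accepted spellings of a true value for ldap_start_tls are an assumption.

```python
import re

CA_KEYS = ("ldap_tls_cacert_file", "ldap_tls_cacert_dir")
TRUE_WORDS = ("yes", "on", "true", "1")  # accepted spellings are an assumption

# Constructed sample: the ldaps variant of the configuration posted above.
SAMPLE = """\
ldap_servers: ldaps://127.0.0.1:636
#ldap_tls_cert: /etc/openldap/myca/cacert.pem
#ldap_tls_key:  /etc/openldap/myca/serverkey.pem
ldap_bind_dn: cn=Manager,dc=suse,dc=ldap
ldap_bind_pw: secret
ldap_auth_method: custom
"""

def parse_conf(text):
    """Return {key: value} for active 'key: value' lines; '#' lines are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z_]+)\s*:\s*(.*)$", line)
        if m:
            conf[m.group(1).lower()] = m.group(2).strip()
    return conf

def check_tls(conf):
    """Return findings about the TLS-related options (hypothetical helper)."""
    findings = []
    # The thread uses both spellings; LDAP_SASLAUTHD documents ldap_servers.
    uris = (conf.get("ldap_servers") or conf.get("ldap_server") or "").split()
    ldaps = any(u.lower().startswith("ldaps://") for u in uris)
    start_tls = conf.get("ldap_start_tls", "no").lower() in TRUE_WORDS
    if ldaps and start_tls:
        findings.append("ldaps:// URI and ldap_start_tls both set; pick one")
    if (ldaps or start_tls) and not any(k in conf for k in CA_KEYS):
        findings.append("TLS in use but no CA configured: set one of " + ", ".join(CA_KEYS))
    if ("ldap_tls_cert" in conf) != ("ldap_tls_key" in conf):
        findings.append("ldap_tls_cert and ldap_tls_key (client cert/key) must be set together")
    if not uris:
        findings.append("no server URI configured")
    return findings

if __name__ == "__main__":
    for finding in check_tls(parse_conf(SAMPLE)):
        print("finding:", finding)
```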