On Tue, 15 Oct 2002, Felix Cuello wrote:
> Hello,
>
> Well... sasl 2.1.9 didn't solve my problem... then... I have a
> configuration problem.
>
> I'm actually running Cyrus 2.1.9, sasl 2.1.9 and openldap
> 2.0.23-4... all this in a red h 7.3...
>
> In my /usr/local/etc/saslauthd.conf, I have these lines:
>
> # doesn't work with ldap_servers: ldap://localhost
> # doesn't work with ldap_servers: ldaps://hostnamedomain:636
> ldap_servers: ldap://hostname.domain/
> ldap_bind_dn: uid=cyrus,ou=people,dc=xxxxxxx,dc=xxx
> ldap_bind_pw: xxxxxxxxxxx
> ldap_search_base: ou=people,dc=xxxxxxxx,dc=xxx
> ldap_tls_check_peer: yes
> ldap_tls_cacert_file: certificate.pem
> ldap_tls_cacert_dir: /usr/share/ssl/certs/
>

ldaps should work, someone recently reported that ldaps worked against
Novell NDS. Try,

ldap_servers: ldaps://hostname.domain/
ldap_bind_dn: uid=cyrus,ou=people,dc=xxxxxxx,dc=xxx
ldap_bind_pw: xxxxxxxxxxx
ldap_search_base: ou=people,dc=xxxxxxxx,dc=xxx
ldap_tls_cacert_file: /usr/share/ssl/certs/certificate.pem
#ldap_tls_check_peer: yes - This can get you in trouble if your
certificates are not set up properly on both the ldap server and the
client.

Does

ldapsearch -x -H ldaps://hostname.domain/ -b ou=people,dc=xxxxxxxx,dc=xxx \
  -Duid=cyrus,ou=people,dc=xxxxxxx,dc=xxx -W uid=some_username

work? Have you checked openldap syslog?

-Igor

> --------------------
>
> I tried some tests, like:
>
>           stunnel
> ldap ---------------> ldaps
>
> and that works fine... because saslauthd tries to connect to a simple ldap
> server and STUNNEL does the rest with the LDAPS server...
>
> But I don't want to use stunnel, because it is a little bit unstable..
>
>
> thanks a lot and sorry for my poor english :-)
>
>
> Felix
>
>
>
>

--
Igor
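
The two saslauthd.conf variants from this thread, run through a small lint. This is an added example, not code from the thread or from the Cyrus SASL project. The finding names are hypothetical, and treating a missing or commented-out ldap_tls_check_peer as "server certificate not verified" is an assumption about the default.

```python
import posixpath

# Constructed samples: the two configurations quoted in the thread, placeholders kept.
ORIGINAL = """\
# doesn't work with ldap_servers: ldap://localhost
ldap_servers: ldap://hostname.domain/
ldap_bind_dn: uid=cyrus,ou=people,dc=xxxxxxx,dc=xxx
ldap_bind_pw: xxxxxxxxxxx
ldap_search_base: ou=people,dc=xxxxxxxx,dc=xxx
ldap_tls_check_peer: yes
ldap_tls_cacert_file: certificate.pem
ldap_tls_cacert_dir: /usr/share/ssl/certs/
"""
SUGGESTED = """\
ldap_servers: ldaps://hostname.domain/
ldap_bind_dn: uid=cyrus,ou=people,dc=xxxxxxx,dc=xxx
ldap_bind_pw: xxxxxxxxxxx
ldap_search_base: ou=people,dc=xxxxxxxx,dc=xxx
ldap_tls_cacert_file: /usr/share/ssl/certs/certificate.pem
#ldap_tls_check_peer: yes
"""

def parse_saslauthd_conf(text):
    """Parse 'key: value' lines; blank lines and '#' comments are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)   # split once: the URI contains ':' too
        conf[key.strip()] = value.strip()
    return conf

def lint(conf):
    """Return hypothetical finding names for transport-security problems."""
    findings = []
    servers = conf.get("ldap_servers", "").split()
    # ldap:// without TLS: the bind DN password and user passwords cross the wire in clear.
    if any(s.startswith("ldap://") for s in servers) and "ldap_bind_pw" in conf:
        findings.append("cleartext-bind")
    # ldaps:// without peer checking encrypts but does not authenticate the server (assumed default: off).
    if (any(s.startswith("ldaps://") for s in servers)
            and conf.get("ldap_tls_check_peer", "no").lower() != "yes"):
        findings.append("peer-not-verified")
    # A relative CA path is resolved against the daemon's working directory.
    ca = conf.get("ldap_tls_cacert_file")
    if ca and not posixpath.isabs(ca):
        findings.append("relative-cacert-path")
    return findings

if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, lint(parse_saslauthd_conf(text)))
```

The suggested configuration still reports peer-not-verified: once the CA file and server certificate are confirmed good with the ldapsearch test above, re-enabling ldap_tls_check_peer closes that gap.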