Did you say ldapsearch worked on the commandline?

'-d -1' if you want all the debug info.

You can also use the openssl commands s_server and s_client for debugging ldaps. That's probably more helpful than ethereal. 'man s_server' and 'man s_client' for more info.

PS. For speed, if you have a busy mail server or you're paying for the bandwidth ldap uses, how about running a replica on your mail server and having saslauthd use '-H ldap://127.0.0.1/' or 'ldapi://' to connect to it? You can use ldaps for replication. This should speed up your config considerably.

--Kervin


Igor Brezac wrote:
On Wed, 16 Oct 2002, Felix Cuello wrote:

Here is the stdout of slapd. What do you think?


Hmmm, unfortunately this is not telling me much.  It indicates that a
connection came in, but it is not an ldaps session.  Did you run a
saslauthd/ldaps session?  You should see a lot more debug info including
TLS trace.

I just tested saslauthd/ldaps on sasl-2.1.9 and it works fine.  I used
openldap 2.1.6 (server and API) which should be more difficult to set up
because openldap 2.1 API verifies the server certificate and 2.0 does not.
Someone please correct me if I am wrong. ;)

-Igor



thanks for your time and patience!

Felix

------------

@(#) $OpenLDAP: slapd 2.0.23-Release (Thu Feb 21 12:43:53 EST 2002) $
       [EMAIL PROTECTED]:/usr/src/build/73902-i386/BUILD/openldap-2.0.23/build-krb5/servers/slapd
daemon_init: listen on ldap:///
daemon_init: listen on ldaps:///
daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: socket() failed errno=97 (Address family not supported by protocol)
daemon: initialized ldap:///
ldap_url_parse_ext(ldaps:///)
daemon: socket() failed errno=97 (Address family not supported by protocol)
daemon: initialized ldaps:///
daemon_init: 2 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
slapd startup: initiated.
slapd starting
ldap_pvt_gethostbyname_a: host=upsoluciones, r=0
daemon: conn=0 fd=10 connection from IP=200.69.213.9:1478 (IP=0.0.0.0:31746) accepted.




---------------------------------------
Felix Cuello <[EMAIL PROTECTED]>
Qodiga/its   <http://www.qodiga.com>

/"\  ASCII Ribbon Campaign
\ /  No HTML in mail or news!
X
/ \
---------------------------------------





