On Thu, 24 Jul 2003, Ana Ribas/Upcnet wrote:

> Hi,
>
> I've been able to configure saslauthd with ldap authentication against my
> Lotus Domino eDirectory.
> My Cyrus IMAP server works fine too.
> I've created the mailboxes and the users can send and receive mail
> perfectly.
>
> Now, my next step is to try to configure saslauthd for secure ldap.
> And, of course, it's my new problem.
>
> My configuration with ldaps is the next one:
>
> saslauthd.conf:
> ldap_servers: ldap://myserver.upc.es:636/
You need ldap_servers: ldaps://myserver.upc.es/

> ldap_port: 636

This is not a valid option.

> ldap_tls_check_peer: yes
> ldap_tls_cacert_file: escert.pem
> ldap_tls_cacert_dir: /var/imap/certs
> ldap_tls_cert: /var/imap/server.pem
> ldap_tls_key: /var/imap/server.pem

I would try without these options first.

> And this is the response when I make the test and the ldapsearch:
>
> > saslauthd -a ldap
> > testsaslauthd -u juanito -p juanito
> 0: NO "authentication failed"
>
> > ldapsearch -v -p 636 -h myserver.upc.es -b "O=lcx" "(cn=usuari proves1)"
> ldap_init( myserver.upc.es, 636 )
> filter pattern: (cn=usuari proves1)
> returning: ALL
> filter is: ((cn=usuari proves1))
> ldap_result: Can't contact LDAP server

Are you sure your ldap server accepts ssl connections? If you cannot make
ldapsearch work, saslauthd will not work either...

>
> The auth.log file results:
> Jul 24 12:49:52 delius saslauthd[22180]: [ID 285309 auth.info] detach_tty
> : master pid is: 22180
> Jul 24 12:49:52 delius saslauthd[22180]: [ID 285309 auth.info] ipc_init
> : listening on socket: /var/run/saslauthd/mux
> Jul 24 12:50:22 delius saslauthd[22181]: [ID 286158 auth.warning] Unable to
> set LDAP_OPT_X_TLS_CACERTFILE (Unknown error).
> Jul 24 12:50:22 delius saslauthd[22181]: [ID 948958 auth.warning] Unable to
> set LDAP_OPT_X_TLS_CACERTDIR (Unknown error).
> Jul 24 12:50:22 delius saslauthd[22181]: [ID 809616 auth.warning] Unable to
> set LDAP_OPT_X_TLS_REQUIRE_CERT (Unknown error).
> Jul 24 12:50:22 delius saslauthd[22181]: [ID 390630 auth.warning] Unable to
> set LDAP_OPT_X_TLS_CERTFILE (Unknown error).
> Jul 24 12:50:22 delius saslauthd[22181]: [ID 621624 auth.warning] Unable to
> set LDAP_OPT_X_TLS_KEYFILE (Unknown error).
> Jul 24 12:51:23 delius imapd[22194]: [ID 702911 auth.warning] Could not
> find a dlname line in .la file: libotp.la
> Jul 24 12:55:22 delius saslauthd[22181]: [ID 390612 auth.warning]
> ldap_simple_bind() failed as anonymous (Can't contact LDAP server)
> Jul 24 12:55:22 delius saslauthd[22181]: [ID 462440 auth.warning]
> lak_bind() failed
> Jul 24 12:55:22 delius saslauthd[22181]: [ID 285309 auth.info] do_auth
> : auth failure: [user=juanito] [service=imap] [realm=] [mech=ldap]
> [reason=Unknown]
>
> I'm sure the path and name of certificates are correct, but saslauthd seems
> unable to set them and I don't know why.
> When I compiled SASL 2.1.15, days ago, I included the option
> --with-openssl=/usr/local/ssl
>
> What can I do now?
> Thanks in advance.
>
> - ANNA -
>

-- Igor
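
The configuration points raised in the reply above, written as a small checker over the quoted saslauthd.conf. This is an added example, not part of the original message and not saslauthd code; the function names `parse_conf` and `check_conf` are hypothetical, and the sample is the configuration as quoted in the message.

```python
from urllib.parse import urlsplit

# Constructed sample: the saslauthd.conf quoted in the message above.
SAMPLE_CONF = """\
ldap_servers: ldap://myserver.upc.es:636/
ldap_port: 636
ldap_tls_check_peer: yes
ldap_tls_cacert_file: escert.pem
ldap_tls_cacert_dir: /var/imap/certs
ldap_tls_cert: /var/imap/server.pem
ldap_tls_key: /var/imap/server.pem
"""

def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)  # split on first ':' only, URIs contain more
            conf[key.strip()] = value.strip()
    return conf

def check_conf(conf):
    """Return one finding per problem named in the reply (hypothetical helper)."""
    findings = []
    # ldap_servers may list several space-separated URIs.
    for uri in conf.get("ldap_servers", "").split():
        u = urlsplit(uri)
        if u.scheme == "ldap" and u.port == 636:
            findings.append(f"{uri}: plain ldap:// scheme on port 636; "
                            f"use ldaps://{u.hostname}/")
    if "ldap_port" in conf:
        findings.append("ldap_port: not a valid option; "
                        "the port belongs in the ldap_servers URI")
    tls = sorted(k for k in conf if k.startswith("ldap_tls_"))
    if tls:
        findings.append("TLS options set (" + ", ".join(tls) +
                        "); get ldaps:// working without them first")
    return findings

if __name__ == "__main__":
    for finding in check_conf(parse_conf(SAMPLE_CONF)):
        print(finding)
```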