On Wed, 1 Jun 2005, Paul van der Vlis wrote:
Hello,

I want to authenticate to a Novell NDS from saslauthd on a Debian Sarge machine.

This works fine:
ldapsearch -x -b "cn=paulvdv,o=wlg" -D "cn=paulvdv,o=wlg" -w secret -H ldaps://firewall.domain.nl:636

This is my saslauthd.conf:
--------
ldap_servers: ldaps://firewall.domain.nl:636/
ldap_tls_cert: /home/paul/.cert/cacert.pem
ldap_tls_key: /home/paul/.cert/privkey.pem
It appears you are specifying ca cert as the client cert. Is this what you want? Your configuration does not require client cert so you should remove those params. Perhaps you wanted to specify ldap_tls_cacert_(file|dir)?
ldap_search_base: cn=paulvdv,o=wlg
ldap_filter: cn=%u,o=wlg
Have you tried this filter in the ldapsearch above? This does not look right.
--------
You are missing ldap_bind_db and ldap_password in this particular configuration.
-Igor
In this test-situation, everybody can read the files in /home/paul/.cert.

In .ldaprc I use the same files:
------
TLS_CERT /home/paul/.cert/cacert.pem
TLS_KEY /home/paul/.cert/privkey.pem
TLS_REQCERT never
------

I use ldap as mechanism for saslauthd.

The authentication with saslauthd does not work:
vlis:/home/paul# testsaslauthd -u paulvdv -p secret
0: NO "authentication failed"

Can somebody help me?

With regards,
Paul van der Vlis.

Groningen, Netherlands.
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
-- Igor
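
The points raised in the reply above, turned into a small saslauthd.conf check. This is an added example, not part of the original thread or of Cyrus SASL; the finding codes, the file-name heuristic and the DN-shape test are assumptions made for illustration, and `ldap_bind_dn` is the bind-DN option name the check looks for.

```python
import re

# Constructed sample: the saslauthd.conf quoted in the thread above.
SAMPLE_CONF = """\
ldap_servers: ldaps://firewall.domain.nl:636/
ldap_tls_cert: /home/paul/.cert/cacert.pem
ldap_tls_key: /home/paul/.cert/privkey.pem
ldap_search_base: cn=paulvdv,o=wlg
ldap_filter: cn=%u,o=wlg
"""

# A CA-looking file name such as "cacert.pem" or "ca-bundle.crt" (heuristic).
CA_NAME = re.compile(r"(^|[._-])ca([._-]|cert)", re.I)
# A second "attr=" after a comma: the value is shaped like a DN, not a filter.
DN_TAIL = re.compile(r",\s*[A-Za-z][\w-]*=")

def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip().lower()] = value.strip()
    return conf

def lint(conf):
    """Return finding codes for the problems raised in the reply."""
    findings = []
    cert_name = conf.get("ldap_tls_cert", "").rsplit("/", 1)[-1]
    if CA_NAME.search(cert_name):
        findings.append("tls_cert_looks_like_ca")
    has_client = "ldap_tls_cert" in conf or "ldap_tls_key" in conf
    has_ca = "ldap_tls_cacert_file" in conf or "ldap_tls_cacert_dir" in conf
    if has_client and not has_ca:
        findings.append("client_cert_without_cacert")
    flt = conf.get("ldap_filter", "")
    if DN_TAIL.search(flt) and not flt.startswith("("):
        findings.append("filter_looks_like_dn")
    # Assumption: default search-then-bind method, so search credentials are expected.
    for key in ("ldap_bind_dn", "ldap_password"):
        if key not in conf:
            findings.append("missing_" + key)
    return findings

if __name__ == "__main__":
    for code in lint(parse_conf(SAMPLE_CONF)):
        print(code)
```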