From: Igor Brezac (no email)
Date: Wed Jun 01 2005 - 12:17:23 EDT
On Wed, 1 Jun 2005, Paul van der Vlis wrote:
> Hello,
>
> I want to authentifate to a Novell NDS from saslauthd on a Debian Sarge
> machine.
>
> This works fine:
> ldapsearch -x -b "cn=paulvdv,o=wlg" -D "cn=paulvdv,o=wlg"
> -w secret -H ldaps://firewall.domain.nl:636
>
> This is my saslauthd.conf:
> --------
> ldap_servers: ldaps://firewall.domain.nl:636/
> ldap_tls_cert: /home/paul/.cert/cacert.pem
> ldap_tls_key: /home/paul/.cert/privkey.pem
It appears you are specifying ca cert as the client cert. Is this what
you want? Your configuration does not require client cert so you should
remove those params. Perhaps you wanted to specify
ldap_tls_cacert_(file|dir)?
> ldap_search_base: cn=paulvdv,o=wlg
> ldap_filter: cn=%u,o=wlg
Have you tried this filter in the ldapsearch above? This does not look
right.
> --------
You are missing ldap_bind_db and ldap_password in this particular
configuration.
-Igor
> In this test-situation, everybody can read the files in
> /home/paul/.cert. In .ldaprc I use the same files:
> ------
> TLS_CERT /home/paul/.cert/cacert.pem
> TLS_KEY /home/paul/.cert/privkey.pem
> TLS_REQCERT never
> ------
>
> I use ldap as mechanism for saslauthd.
>
> The authentification with saslauthd does not work:
> vlis:/home/paul# testsaslauthd -u paulvdv -p secret
> 0: NO "authentication failed"
>
> Can somebody help me?
>
> With regards,
> Paul van der Vlis.
> Groningen, Netherlands.
>
>
>
>
> ---
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
-- Igor --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
|
|
|