Hi,

This is possibly not the forum for this question, but some of you here
definitely know the answers.

I have installed openldap-2.0.19 and cyrus-sasl-1.5.27 and have authldap
working fine as long as I don't use TLS or SASL.

I have been doing a lot of frustrating testing over the last couple of weeks
with the ldapsearch client, again to no avail. As long as I use the -x
option (simple authentication instead of SASL), it works fine.

When I try SASL authentication, I get a failure with:

ldap_sasl_interactive_bind_s: No such attribute

Debug on slapd suggests the attribute is supportedSASLMechanisms:

do_search
ber_scanf fmt ({aiiiib) ber:
SRCH "" 0 0 0 0 0
ber_scanf fmt (o) ber:
filter: (objectClass=*)
ber_scanf fmt ({v}}) ber:
attrs: supportedSASLMechanisms
=> send_search_entry: ""

supportedSASLMechanisms is a defined attribute type in core.schema, but
there is no suggestion as to what objectClass this may relate to. I would
like to set it to PLAIN within some object, but what???

My TLS efforts are equally frustrating. Whereas the slapd server has
TLSCipherSuite, TLSCertificateFile and TLSCertificateKeyFile (which I have
set as per my Courier and Apache mod_ssl), there seems to be no equivalent
for any of the clients. My TLS connections (ldapsearch -ZZ) fail with:

ldap_start_tls: Connect error

The slapd trace seems to get as far as exchanging ciphers before failing. I
have the allow tls_2_anon option set in my slapd.conf, which I expect allows
no client certificates ..??

connection_get(10)
connection_get(10): got connid=1
connection_read(10): checking for input on id=1
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({a) ber:
do_extended: oid=1.3.6.1.4.1.1466.20037
send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 10
connection_get(10)
connection_get(10): got connid=1
connection_read(10): checking for input on id=1
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(10)
connection_get(10): got connid=1
connection_read(10): checking for input on id=1
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_get(10)
connection_get(10): got connid=1
connection_read(10): checking for input on id=1
ber_get_next
ber_get_next on fd 10 failed errno=0 (Success)
connection_read(10): input error=-2 id=1, closing.
connection_closing: readying conn=1 sd=10 for close
connection_close: conn=1 sd=10
TLS trace: SSL3 alert write:warning:close notify

Can someone please tell me which pieces of this puzzle I am missing!

Cheers, Alan
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users