Wed, 2003-02-12 at 22:32, Chris Toshok wrote:

> > > Perhaps someone could actually try to assist us in figuring out what is
> > > wrong here. I'd like to continue to use EVO, but, I need access to my
> > > company LDAP.
> >
> Hmm, I didn't receive this mail that Tony's responding to... private
> mail?

No, it was posted to the list. Had it been private, I'd have forwarded it.

> Anyway, I investigated this a little the last time you (David) sent mail
> about it back in December I think? There wasn't much that could be
> determined from my end here.. "openssl s_client" prints out the cert
> fine, but ldapsearch hangs, just like evolution does. The error the
> wombat printed out was 0x55 (LDAP_TIMEOUT), which is the same behavior
> as the command line tool. This might be some failing with openssl, I
> don't know.

ldapsearch should never hang, but return a result - whatever that is. There's a list of errors in ldap.h as long as your arm to cope with all ldap eventualities (not poorly configured DNS or the like, though).

I reckon you're still using a 2.0.x Openldap server. The general advice on the Openldap list is to make sure that this is the latest version, 2.0.27, but if you have the time - why not go the whole hog and compile and install 2.1.12 (latest release, with Cyrus SASL and BDB libs)? This is purely a question of choice, but there's been an awful lot of work done on Openldap lately, by the developers and all of them recommend updating to 2.1.x rather than 2.0.x. Furthermore, the difference between 2.1.8 and 2.1.10 is absolutely striking, due to 2.1.10 development work done by Howard Chu for Stanford University.

[...]

> > An LDAP client *should* be able to bind with SSL or TLS and strong SASL
> > authentication. If the Evo smtp client can do all of this, including a
> > subset of SASL, then there's no reason that the LDAP client shouldn't.
> > But only if people work on it.
>
> While I agree that evolution should do both SSL/TLS (which it does for
> me here, without problem) and SASL (which is planned), there isn't a
> connection between what's possible in the mailer and the addressbook
> unfortunately.

O.k.

> They're completely separate codebases, and they even use
> a different SSL library (a fact that annoys me greatly). The mailer
> also has access to the SSL library at a much lower level than the
> openldap api provides us.

O.k.

> We just call ldap_start_tls and hope for the
> best.

That bit made me smile :-)

It's possible to debug in detail at the server end, and if one's running Openldap clients like ldapsearch, they can be run at the same debug levels as slapd.

Best,

Tony

--
Tony Earnshaw

"Can anyone define 'modern enclitic mediocrity' in terms of the Euro for me?" - Billy the (Norwegian-Dutch) Cat, Feb '03

e-mail: [EMAIL PROTECTED]
www: http://www.billy.demon.nl

_______________________________________________
evolution maillist - [EMAIL PROTECTED]
http://lists.ximian.com/mailman/listinfo/evolution
