Hi again Rob,

I have added the use_tls option, with no success.

Here is my complete config -- http://pastebin.com/E75JvDiQ

Also here is the logged error I receive whenever I try to specify a port 
with hostname (ex. *hostname = 'auth.example.com:636',*) -- 
http://pastebin.com/XW2kmEcA

If I don't specify the port, even with the *use_tls = true* -- it still 
will use a default connection port of 389, as I can see through firewall 
logs.

Thanks for the assistance

-John


On Thursday, December 19, 2013 12:23:55 PM UTC-8, Rob Hoelz wrote:
>
> Hi John, 
>
> What does your prosody configuration look like?  Do you have use_tls 
> set in the ldap section?  (Probably not, as I just realized that this 
> option is undocumented!) 
>
> -Rob 
>
> On Wed, 18 Dec 2013 16:38:44 -0800 (PST) 
> John T <c1nc...@gmail.com> wrote: 
>
> > Thanks Rob, I am slowly trying to work through it. 
> > 
> > I have however run into another speed bump with the ldap plugins...I 
> > can't seem to connect to an external ldap server using tls/port 636. 
> > 
> > If I run an ldapsearch *below* (ldap-utils) from the prosody box to 
> > external ldap server, results are returned as expected: 
> > 
> > *ldapsearch -H ldaps://ld1.example.com:636 -D 
> > "cn=admin,dc=example,dc=com" -w "password" -b 
> > "ou=domains,ou=groups,dc=example,dc=com" 
> > "(&(objectclass=posixgroup)(memberUid=testuser))"* 
> > 
> > If I use cyrus sasl for ldap authentication with prosody, 
> > registration works fine over tls/636, but then I can't use ldap for 
> > roster, or vcard this way. 
> > 
> > Also connecting to external server over port 389 *insecurely*, 
> > everything works too. 
> > 
> > Here is my config: 
> > http://pastebin.com/c6Z11yV8 
> > 
> > 
> > Can anyone point me in the right direction? 
> > 
> > Thanks for looking! 
> > 
> > 
> > On Saturday, December 14, 2013 1:28:26 PM UTC-8, Rob Hoelz wrote: 
> > > 
> > > The change wouldn't actually be that bad; you just need to find the 
> > > relevant portions of mod_ldap_auth2 and mod_storage_ldap that refer 
> > > to the memberfield of the user. 
> > > 
> > > On Sat, 14 Dec 2013 12:47:43 -0800 (PST) 
> > > John T <c1nc...@gmail.com> wrote: 
> > > 
> > > > Hi Rob, 
> > > > 
> > > > Now that I think through it the change to groupofnames should be 
> > > > a pretty simple hack, I think? 
> > > > 
> > > > > First the only change in the ldap-config would be to change the 
> > > > > value of "memberfield" to *member* from *memberUid* like so: 
> > > > > 
> > > > >     groups = { 
> > > > >       basedn      = 'ou=groups,dc=example,dc=com', -- The base DN where group records can be found 
> > > > >       memberfield = 'member', 
> > > > >       namefield   = 'cn', 
> > > > 
> > > > this should return something like : 
> > > > "*cn=user1,ou=people,dc=example,dc=com*" -- vs posix memberUid : 
> > > > "*user1*" 
> > > > 
> > > > Would it be as simple as using a regex to strip "cn=" and 
> > > > everything after and including the first comma? 
> > > > 
> > > > Does this sound right? Or am I way off? 
> > > > 
> > > 
> > > 
> > 
>
>
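
Added example (not part of the original thread and not code from Prosody's LDAP modules): the `member` DN to user name conversion asked about in the quoted messages, written as a hypothetical Lua helper `first_rdn_value`. It goes beyond a plain regex by handling escaped commas as described in RFC 4514 and by rejecting DNs whose first RDN is not the expected attribute, so a group entry cannot silently map to the wrong user name. The sample DNs are constructed.

```lua
-- Hypothetical helper (assumption, not a mod_lib_ldap function).
-- Returns the value of the first RDN of `dn` when its attribute type
-- matches `attr` (case-insensitive); otherwise nil plus an error string.
local function first_rdn_value(dn, attr)
  local eq = dn:find("=", 1, true)
  if not eq then return nil, "no attribute type in DN" end
  local atype = dn:sub(1, eq - 1):match("^%s*(.-)%s*$")
  if atype:lower() ~= attr:lower() then
    return nil, "first RDN is '" .. atype .. "', expected '" .. attr .. "'"
  end

  local out, i, n = {}, eq + 1, #dn
  while i <= n do
    local c = dn:sub(i, i)
    if c == "\\" then
      local hex = dn:match("^%x%x", i + 1)
      if hex then                      -- \2C style hex escape
        out[#out + 1] = string.char(tonumber(hex, 16))
        i = i + 3
      elseif i < n then                -- \, style single-character escape
        out[#out + 1] = dn:sub(i + 1, i + 1)
        i = i + 2
      else
        return nil, "dangling backslash"
      end
    elseif c == "," or c == "+" then   -- end of this RDN (or of its first value)
      break
    else
      out[#out + 1] = c
      i = i + 1
    end
  end
  local value = table.concat(out)
  if value == "" then return nil, "empty RDN value" end
  return value
end

-- Constructed sample DNs: plain, escaped comma, and unexpected attribute.
local samples = {
  "cn=user1,ou=people,dc=example,dc=com",
  "CN=Smith\\, John,ou=people,dc=example,dc=com",
  "uid=user1,ou=people,dc=example,dc=com",
}
for _, dn in ipairs(samples) do
  local value, err = first_rdn_value(dn, "cn")
  print(dn, "->", value or ("rejected: " .. err))
end
```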
