Uwe Lienig wrote:
I was not able to verify TLS over ldap with openssl. openssl s_client -host ldap.server -port 389 -CApath /etc/openssl/CAcerts \ -showcerts CONNECTED(00000004) write:errno=54
TLS support requires special protocol routine over the TCP unsecured channel for a given service. You get this with -starttls <protocol>, but a quick look at openssl man page does not list LDAP as supported.
I think most of LDAP authentication including certificate validation is now working. At this last step enabling encryption I've stopped my efforts since I'm out of options to try. May be I've missed something in my configuration. I thought on using ldap with sasl but that would introduce a new configuration file to be maintained. And last but not least I'd like to understand why the PAM mechanism is not working. Hints are appreciated.
Two questions first: - what's in your /etc/pam.d/saslauthd and saslauthd.conf? - can you authenticate correctly with a dummy account using testsaslauthd? -- Jean-Yves Migeon jeanyves.migeon%free.fr@localhost