On 25/05/11 10:12 +0700, Nguyen, Quoc Khanh wrote:
> Thanks for your reply. Following your information, I changed
> saslauthd.conf:
>
> ldap_servers: ldap://localhost
> ldap_bind_dn: cn=admin,dc=abc,dc=com
> ldap_bind_pw: 123456789
> ldap_search_base: dc=abc,dc=com
> ldap_start_tls: yes
> ldap_tls_cacert_dir: /var/myCA
> ldap_tls_cacert_file: /var/myCA/cacert.crt
>
> and I started OpenLDAP with the parameter:
>
> root@ldap:/usr/local/openldap/libexec# ./slapd -h 'ldap:///'
>
> but it failed, too.
>
> I mean that I just want to encrypt the traffic between Cyrus SASL
> and OpenLDAP. So what I will configure is:
>
> start OpenLDAP with the parameter:
>
> root@ldap:/usr/local/openldap/libexec# ./slapd -h 'ldap:/// ldaps:///'
> (I want to use both ports 389 and 636)
>
> saslauthd.conf:
>
> ldap_servers: ldaps://localhost
> ldap_bind_dn: cn=admin,dc=abc,dc=com
> ldap_bind_pw: 123456789
> ldap_search_base: dc=abc,dc=com
>
> Is that the correct way?

If ldaps:/// should work just as well.. starttls would just be another way
to accomplish the same thing.
You might also need 'ldap_tls_check_peer: yes'. The documentation is
unclear if that's needed for both ldaps:/// and starttls over ldap:///.
--
Dan White
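
Added example, not part of the original messages: a small Python check that reads a saslauthd.conf and reports the TLS-related gaps discussed in this thread (cleartext ldap:// without StartTLS, ldap_start_tls combined with an ldaps:// URI, TLS without ldap_tls_check_peer, and peer checking without a CA). The function names, finding codes, the sample configs, the set of values treated as "yes" and the assumed default server URI are assumptions of this example.

```python
# Constructed samples based on the two configs in the thread (bind options omitted).
SAMPLE_STARTTLS = """\
ldap_servers: ldap://localhost
ldap_search_base: dc=abc,dc=com
ldap_start_tls: yes
ldap_tls_cacert_file: /var/myCA/cacert.crt
"""
SAMPLE_LDAPS = """\
ldap_servers: ldaps://localhost
ldap_search_base: dc=abc,dc=com
"""

def parse_conf(text):
    """Parse 'key: value' lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)   # split once: URIs contain ':' too
        conf[key.strip().lower()] = value.strip()
    return conf

def is_on(conf, key):
    # Assumption: yes/on/true/1 mean enabled; a missing option means "no".
    return conf.get(key, "no").lower() in ("yes", "on", "true", "1")

def lint(text):
    """Return a list of 'code: explanation' findings for the TLS options."""
    conf = parse_conf(text)
    # Assumption: with no ldap_servers line the client uses ldap://localhost/.
    uris = [u.lower() for u in conf.get("ldap_servers", "ldap://localhost/").split()]
    ldaps = any(u.startswith("ldaps://") for u in uris)
    plain = any(u.startswith("ldap://") for u in uris)
    start_tls = is_on(conf, "ldap_start_tls")
    check_peer = is_on(conf, "ldap_tls_check_peer")
    has_ca = bool(conf.get("ldap_tls_cacert_file") or conf.get("ldap_tls_cacert_dir"))
    findings = []
    if plain and not start_tls:
        findings.append("cleartext: ldap:// without ldap_start_tls sends the bind password unencrypted")
    if ldaps and start_tls:
        findings.append("conflict: ldap_start_tls is enabled together with an ldaps:// URI")
    if (ldaps or start_tls) and not check_peer:
        findings.append("no-peer-check: TLS is used but ldap_tls_check_peer is not 'yes'")
    if check_peer and not has_ca:
        findings.append("no-ca: ldap_tls_check_peer needs ldap_tls_cacert_file or ldap_tls_cacert_dir")
    return findings

if __name__ == "__main__":
    for name, sample in (("starttls", SAMPLE_STARTTLS), ("ldaps", SAMPLE_LDAPS)):
        print(name, lint(sample))
```

Both sample configs come back with only the no-peer-check finding, which is the setting the reply suggests adding.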