openldap + tls + sasldb = ?


Pardon my ignorance, but I'm setting up openldap with TLS support here,
and want to use a sasldb to authenticate users against.
Right now, I have sasl + openldap working, so that non-tls connections
prompt me for a password, and it authenticates me against the sasldb.
However, when I use tls support, I am unable to get any response
from the server other than the generic local error, unless I specify
the '-x' option to ldapsearch, forcing it to use simple authentication
(AKA none). Has anyone run into this problem before?

I've seen people using sasl + tls + kerberos, but kerberos seems overly
complicated for the task of authenticating users to a single service.
Am I amazingly wrongheaded in thinking this?

Confused as always,

Justin Doiel <jdoiel@engr.uark.edu>

(Bitch at me if you want logs of it all breaking, I'm lazy at 3:00 AM. :)