OpenLDAP & Thunderbird with SSL


I have OpenLDAP set up and working such that Thunderbird can access my addressbook without SSL or authentication. This part is good, but I want to move to the next level.

My OpenLDAP server (slapd) is set up with SASL authentication (using the PLAIN method) and a self-signed certificate. The slapd command line is:

/usr/local/libexec/slapd -h ldap:/// ldaps:///

When I connect to my OpenLDAP server using an OpenLDAP client such as ldapsearch, everything works (I have my self-generated CA cert as part of my system's ca-bundle):

ldapsearch -ZZ -b 'ou=xxx, dc=yyy,dc=zzz' '(objectclass=*)'

ldapsearch prompts for authentication and returns the contents of my addressbook:

SASL/PLAIN authentication started
Please enter your password:
SASL username: erik
# extended LDIF
# LDAPv3
# base <ou=xxx, dc=yyy,dc=zzz> with scope subtree
# filter: (objectclass=*)
# requesting: ALL

When I enable SSL in Thunderbird, Thunderbird is unable to connect. I know using tcpdump that it's attempting a connection on the SSL port, but is failing and giving up somewhere.

Is this a known issue?

In slapd.conf I'm not requiring authentication at the moment. I will require authentication once I get the SSL working; since I'm using PLAIN, I don't want to allow non-SSL authentication.

Any help would be greatly appreciated.