On 25/05/11 10:12 +0700, Nguyen, Quoc Khanh wrote:
Thanks for your reply. Following your information, I changed saslauthd.conf:

ldap_servers: ldap://localhost
ldap_bind_dn: cn=admin,dc=abc,dc=com
ldap_bind_pw: 123456789
ldap_search_base: dc=abc,dc=com
ldap_start_tls: yes
ldap_tls_cacert_dir: /var/myCA
ldap_tls_cacert_file: /var/myCA/cacert.crt

and I started OpenLDAP with the parameter:

root@ldap:/usr/local/openldap/libexec# ./slapd -h 'ldap:///'

but it failed... too. I mean that I just want to encrypt the traffic between Cyrus SASL and OpenLDAP. So the config I will use is:

Start OpenLDAP with the parameter:

root@ldap:/usr/local/openldap/libexec# ./slapd -h 'ldap:/// ldaps:///'

(I want to use both ports 389 and 636.)

saslauthd.conf:

ldap_servers: ldaps://localhost
ldap_bind_dn: cn=admin,dc=abc,dc=com
ldap_bind_pw: 123456789
ldap_search_base: dc=abc,dc=com

Is that the correct way?

ldaps:/// should work just as well. starttls would just be another way to accomplish the same thing.

You might also need 'ldap_tls_check_peer: yes'. The documentation is unclear if that's needed for both ldaps:/// and starttls over ldap:///.

--
Dan White
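
Added example, not part of the original thread and not code from Cyrus SASL or OpenLDAP: a small linter that reads a saslauthd.conf and reports whether the LDAP bind would travel in cleartext, or over TLS without certificate verification. The finding names, the accepted "yes" spellings and the sample inputs are assumptions made for the example; it treats a missing ldap_tls_check_peer as a finding for both ldaps:// and starttls, since the reply above notes the documentation is unclear on which transports need it.

```python
# Added example: lint saslauthd.conf for LDAP transport protection.
TRUTHY = {"yes", "on", "true", "1"}  # assumption: spellings accepted as "enabled"

def parse_conf(text):
    """Parse 'key: value' lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)  # split once: values contain ':' (URIs)
            conf[key.strip().lower()] = value.strip()
    return conf

def lint(text):
    """Return a list of findings; an empty list means no issue was detected."""
    conf = parse_conf(text)
    enabled = lambda k: conf.get(k, "no").lower() in TRUTHY
    findings, tls_used = [], False
    # ldap_servers may list several space-separated URIs.
    for uri in conf.get("ldap_servers", "ldap://localhost/").split():
        scheme = uri.split("://", 1)[0].lower()
        if scheme == "ldaps" or (scheme == "ldap" and enabled("ldap_start_tls")):
            tls_used = True
        elif scheme == "ldap":
            findings.append("cleartext:" + uri)  # bind DN/password sent unencrypted
    if tls_used:
        if not enabled("ldap_tls_check_peer"):
            findings.append("no-peer-verification")  # server certificate not checked
        elif not (conf.get("ldap_tls_cacert_file") or conf.get("ldap_tls_cacert_dir")):
            findings.append("no-ca-configured")  # nothing to verify the peer against
    return findings

# Constructed inputs modelled on the two configurations in the thread.
BASE = ("ldap_bind_dn: cn=admin,dc=abc,dc=com\n"
        "ldap_bind_pw: PLACEHOLDER\n"
        "ldap_search_base: dc=abc,dc=com\n")
CA = "ldap_tls_cacert_file: /var/myCA/cacert.crt\n"
PLAIN = "ldap_servers: ldap://localhost\n" + BASE
STARTTLS = PLAIN + "ldap_start_tls: yes\n" + CA
LDAPS = "ldap_servers: ldaps://localhost\n" + BASE
HARDENED = LDAPS + "ldap_tls_check_peer: yes\n" + CA

if __name__ == "__main__":
    for name, conf in [("plain", PLAIN), ("starttls", STARTTLS),
                       ("ldaps", LDAPS), ("hardened", HARDENED)]:
        print(name, lint(conf) or "ok")
```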