Hi:
I have OpenLDAP set up and working such that Thunderbird can access my addressbook without SSL or authentication. This part is good, but I want to move to the next level.
My OpenLDAP server (slapd) is set up with SASL authentication (using the PLAIN method) and a self-signed certificate. The slapd command line is:
/usr/local/libexec/slapd -h ldap:/// ldaps:///
When I connect to my OpenLDAP server using an OpenLDAP client such as ldapsearch, everything works (I have my self-generated CA cert as part of my system's ca-bundle):
ldapsearch -ZZ -b 'ou=xxx, dc=yyy,dc=zzz' '(objectclass=*)'
ldapsearch prompts for authentication and returns the contents of my addressbook:
SASL/PLAIN authentication started Please enter your password: SASL username: erik SASL SSF: 0 # extended LDIF # # LDAPv3 # base <ou=xxx, dc=yyy,dc=zzz> with scope subtree # filter: (objectclass=*) # requesting: ALL # . . .
When I enable SSL in Thunderbird, Thunderbird is unable to connect. I know using tcpdump that it's attempting a connection on the SSL port, but is failing and giving up somewhere.
Is this a known issue?
In slapd.conf I'm not requiring authentication at the moment. I will require authentication once I get the SSL working; since I'm using PLAIN, I don't want to allow non-SSL authentication.
Any help would be greatly appreciated.
Regards,
Erik.
openldap-technical@openldap.org