I have OpenLDAP set up and working such that Thunderbird can access my
addressbook without SSL or authentication. This part is good, but I want to
move to the next level.
My OpenLDAP server (slapd) is set up with SASL authentication (using the PLAIN
method) and a self-signed certificate. The slapd command line is:
/usr/local/libexec/slapd -h ldap:/// ldaps:///
When I connect to my OpenLDAP server using an OpenLDAP client such as
ldapsearch, everything works (I have my self-generated CA cert as part of my
ldapsearch -ZZ -b 'ou=xxx, dc=yyy,dc=zzz' '(objectclass=*)'
ldapsearch prompts for authentication and returns the contents of my
SASL/PLAIN authentication started
Please enter your password:
SASL username: erik
SASL SSF: 0
# extended LDIF
# base <ou=xxx, dc=yyy,dc=zzz> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
When I enable SSL in Thunderbird, Thunderbird is unable to connect. I know
using tcpdump that it's attempting a connection on the SSL port, but is failing
and giving up somewhere.
Is this a known issue?
In slapd.conf I'm not requiring authentication at the moment. I will require
authentication once I get the SSL working; since I'm using PLAIN, I don't want
to allow non-SSL authentication.
Any help would be greatly appreciated.