Hi,
I'm trying to authenticate users against an LDAP database ... now, I already have that running on several servers that use the "normal" tree setup, something like "cn=username,ou=somebranch,ou=domain,ou=tld", with a search_base of ou=domain,ou=tld. The place I'm trying to configure it for now is using a - AFAICT - rather unusual schema, as they have a tree that uses multiple top level o=, and start underneath there, so there may be user entries like
cn=user1,ou=USERS,o=branch1 and cn=user2,ou=USERS,o=branch2
(historically, ldap trees from several locations were just merged together, which led to this)
How can I get SASL to search in such a configuration? I already tried a "ou=USERS,o=*" syntax, which I didn't expect to work (and it didn't)
Also, I know that saslauthd or other apps will need to check the resulting username/pw, so I tried binding with the DN and PW of an account, resulting in a "Confidentiality required" ... using ldaps:// notation didn't work, as the remote server (Novell eDirectory) probably isn't configured for that, and -Z for TLS also fails with
ldap_start_tls: Server is unavailable (52) additional info: TLS services are not available
From what I can find, the message should come up if the server is configured for requiring secure queries, but then I would expect it to also be configured to SUPPORT either one of the methods ...
Help appreciated,
-garry
openldap-technical@openldap.org