ejabberd + LDAP + TLS

I'm trying to connect ejabberd with an LDAP DB for authentication. When I configure ejabberd for an unencrypted connection I can auth, but if I configure it for a TLS connection I can't log in.

Can anyone help me?

My ejabberd version is 1.1.1

Currently no LDAPS support in ejabberd

A search on the site for terms 'LDAP' and 'SSL' or 'LDAPS' would reveal the following, among others:

http://www.ejabberd.im/node/613
http://www.ejabberd.im/node/719

In short, at this point there is no LDAPS support. Can't speak to when we might see it, as I'm not part of the dev team. But feel free to put in a feature request, or if you're ok getting your hands dirty, try some of the info provided and modify the code.

Re: Currently no LDAPS support in ejabberd

fseesink wrote:

A search on the site for terms 'LDAP' and 'SSL' or 'LDAPS'

Small clarification: he tries to use LDAP to store passwords, and clients using STARTTLS to connect. It seems those options are mutually exclusive for him. He does not mean LDAPS.

He posted the same question, but more detailed and in Spanish, on ejabberd 1.1.1 + LDAP + TLS.

So his question could be rephrased as: 'Is there any known incompatibility between "LDAP auth method" and "STARTTLS encryption on C2S"?'

Re: Currently no LDAPS support in ejabberd

badlop wrote:

So his question could be rephrased as: 'Is there any known incompatibility between "LDAP auth method" and "STARTTLS encryption on C2S"?'

Thank you, badlop.

Has anyone had the same problem?

Ah. My bad. Sorry, read

Ah. My bad. Sorry, read the original post quickly and missed that.

As for his actual question, can't speak for the latest ejabberd 1.1.1 yet, but as of 1.1.0 (Windows version running on XP Pro), have never had an issue and tend to have a similar setup (using LDAP for authentication, clients logging in via STARTTLS).

Will write back once I get patched up to 1.1.1 if things are different.

The problem may be the SASL

The problem may be the SASL:
When I enable it in tkabber, TLS is active on the server and auth is using LDAP, the connection is refused because the socket can't be opened (as the error message says in tkabber).

When it's enabled in tkabber, the connection is unencrypted or TLS but auth is internal, SASL works perfectly.

When SASL is disabled in tkabber (two options), the connection is unencrypted and auth is LDAP, it runs well but unencrypted.
If I enable "Use SASL authentication" in tkabber, the error message says: "SASL auth error: no mechanism available..."

*Non-SASL isn't supported.
*LDAP server is compiled with: TLS and SASL.
*OS is: Suse 10, ejabberd version is 1.1.1, LDAP version is 2.3.21
*I have tried with the password stored in plain text, SSHA and MD5 in the userPassword attribute in the LDAP users tree.

Thanks for the help. Yes, I have bad English, sorry :P
