[ejabberd] LDAP authentication fails with SSL encryption

Renato Alves rjalves at igc.gulbenkian.pt
Fri Jul 6 19:20:53 MSK 2012


I'm not sure this ldap server supports starttls.
If I keep tls enabled and use port 389 I get a flood of errors on the
log (more than 4MB in a few seconds) which keep repeating:

=INFO REPORT==== 2012-07-06 16:15:32 ===
I(<0.290.0>:eldap:983) : LDAP connection on ldap:389

=WARNING REPORT==== 2012-07-06 16:15:32 ===
W(<0.275.0>:eldap:610) : LDAP server closed the connection: ldap:389
In State: connecting

=INFO REPORT==== 2012-07-06 16:15:32 ===
I(<0.287.0>:eldap:983) : LDAP connection on ldap:389

=ERROR REPORT==== 2012-07-06 16:15:32 ===
E(<0.290.0>:eldap:1016) : LDAP connection failed:
** Server: ldap:389
** Reason: closed
** Socket options: [{packet,asn1},{active,true},{keepalive,true},binary]

In addition, according to the documentation
(https://git.process-one.net/ejabberd/mainline/blobs/raw/v2.1.11/doc/guide.html#ldap)
starttls is not supported, so I'm a bit lost here.

Any further ideas?

Thanks

Quoting Gavin Henry on 07/06/2012 04:00 PM:
>> If I set up authentication with:
>>
>> {ldap_encrypt, none}.
>> {ldap_port, 389}.
>>
>> Everything works as expected and users are able to log in.
>>
>> However when I enable encryption the server crashes at start. The
>> settings I have are the following:
>>
>> {ldap_encrypt, tls}.
>> {ldap_tls_verify, false}.
>> {ldap_port, 636}.
> 
> starttls runs on port 389, not 636. 636 is ldaps and is deprecated.
> Switch to port 389 and you'll be fine.
> 
> Thanks.
> 
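
Added example (not part of the original message, and not ejabberd code): a Python probe for the distinction this thread turns on, whether an LDAP port accepts TLS immediately on connect (ldaps) or only after the StartTLS extended operation on the plain port. The function names and the two sample replies are constructed for illustration; certificate verification is disabled because only the transport mode is being tested.

```python
import socket, ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # StartTLS extended operation, RFC 4511
SAMPLE_OK = bytes.fromhex("300c02010178070a010004000400")       # constructed: resultCode 0
SAMPLE_REFUSED = bytes.fromhex("300c02010178070a010204000400")  # constructed: resultCode 2

def starttls_request(msg_id=1):
    """BER-encode the LDAPMessage that asks the server to start TLS."""
    name = bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID   # requestName [0]
    op = bytes([0x77, len(name)]) + name                     # [APPLICATION 23]
    body = bytes([0x02, 0x01, msg_id]) + op                  # messageID, then op
    return bytes([0x30, len(body)]) + body                   # SEQUENCE

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if len(buf) < pos + 2:
        raise ValueError("no BER element (connection closed?)")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def starttls_result(reply):
    """Return the resultCode of an ExtendedResponse; 0 means TLS may start."""
    tag, msg, _ = read_tlv(reply)
    _, _, pos = read_tlv(msg)                                # skip messageID
    op_tag, op, _ = read_tlv(msg, pos)
    if (tag, op_tag) != (0x30, 0x78):                        # SEQUENCE, [APPLICATION 24]
        raise ValueError("not an LDAP ExtendedResponse")
    return int.from_bytes(read_tlv(op)[1], "big")            # ENUMERATED resultCode

def probe(host, port, timeout=5):
    """Hypothetical helper: name the encryption mode a live LDAP port accepts."""
    ctx = ssl.create_default_context()
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE   # mode test only
    try:
        with socket.create_connection((host, port), timeout) as s, ctx.wrap_socket(s):
            return "implicit TLS (ldaps)"
    except OSError:
        pass                                                 # handshake refused
    try:
        with socket.create_connection((host, port), timeout) as s:
            s.sendall(starttls_request())
            code = starttls_result(s.recv(4096))
    except (OSError, ValueError):
        return "no LDAP answer"
    return "StartTLS" if code == 0 else "plain LDAP, StartTLS refused (%d)" % code
```

A port that reports "implicit TLS (ldaps)" suits a client that negotiates TLS as soon as it connects; a port that reports "StartTLS" needs a client that sends the extended operation before the handshake.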

