[ejabberd] LDAP authentication fails with SSL encryption

Renato Alves rjalves at igc.gulbenkian.pt
Fri Jul 6 19:40:49 MSK 2012


By "not sure this ldap server supports starttls" I mean that the LDAP
server is rather old. More than 5 years old if I'm not mistaken.

I believe it's running OpenLDAP but I can't determine the exact version.

It supports LDAPS though, as indicated in the original message.

Quoting Renato Alves on 07/06/2012 04:20 PM:
> I'm not sure this ldap server supports starttls.
> If I keep tls enabled and use port 389 I get a flood of errors on the
> log (more than 4MB in a few seconds) which keep repeating:
> 
> =INFO REPORT==== 2012-07-06 16:15:32 ===
> I(<0.290.0>:eldap:983) : LDAP connection on ldap:389
> 
> =WARNING REPORT==== 2012-07-06 16:15:32 ===
> W(<0.275.0>:eldap:610) : LDAP server closed the connection: ldap:389
> In State: connecting
> 
> =INFO REPORT==== 2012-07-06 16:15:32 ===
> I(<0.287.0>:eldap:983) : LDAP connection on ldap:389
> 
> =ERROR REPORT==== 2012-07-06 16:15:32 ===
> E(<0.290.0>:eldap:1016) : LDAP connection failed:
> ** Server: ldap:389
> ** Reason: closed
> ** Socket options: [{packet,asn1},{active,true},{keepalive,true},binary]
> 
> In addition, according to the documentation
> (https://git.process-one.net/ejabberd/mainline/blobs/raw/v2.1.11/doc/guide.html#ldap)
> starttls is not supported, so I'm a bit lost here.
> 
> Any further ideas?
> 
> Thanks
> 
> Quoting Gavin Henry on 07/06/2012 04:00 PM:
>>> If I set up authentication with:
>>>
>>> {ldap_encrypt, none}.
>>> {ldap_port, 389}.
>>>
>>> Everything works as expected and users are able to log in.
>>>
>>> However when I enable encryption the server crashes at start. The
>>> settings I have are the following:
>>>
>>> {ldap_encrypt, tls}.
>>> {ldap_tls_verify, false}.
>>> {ldap_port, 636}.
>>
>> starttls runs on port 389, not 636. 636 is ldaps and is deprecated.
>> Switch to port 389 and you'll be fine.
>>
>> Thanks.
>>
> 
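
Added example, not part of the original thread and not ejabberd code: a Python probe that sends the LDAP StartTLS extended request (OID 1.3.6.1.4.1.1466.20037, RFC 4511) in plaintext and names the server's result code, which is one way to settle whether an old server supports StartTLS on port 389. The function names and the command-line host argument are this example's own, and a single `recv` is assumed to return the whole (small) reply.

```python
import socket
import sys

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation, RFC 4511
RESULT_NAMES = {0: "success", 2: "protocolError", 52: "unavailable"}

def tlv(tag, value):
    """Encode one BER element; short-form length is enough for this request."""
    return bytes([tag, len(value)]) + value

def starttls_request(message_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }"""
    op = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, tlv(0x02, bytes([message_id])) + op)

def read_tlv(buf, pos, want):
    """Return (value, next_pos) of the BER element at pos, checking its tag."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected tag 0x{want:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return buf[pos:pos + length], pos + length

def starttls_result(reply):
    """Return (resultCode, name) from an ExtendedResponse [APPLICATION 24]."""
    msg, _ = read_tlv(reply, 0, 0x30)          # LDAPMessage SEQUENCE
    _, pos = read_tlv(msg, 0, 0x02)            # messageID
    op, _ = read_tlv(msg, pos, 0x78)           # ExtendedResponse
    code, _ = read_tlv(op, 0, 0x0A)            # LDAPResult.resultCode (ENUMERATED)
    code = int.from_bytes(code, "big")
    return code, RESULT_NAMES.get(code, "other")

def probe(host, port=389, timeout=5):
    """Send the request in plaintext; an empty read means the server closed the socket."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(starttls_request())
        reply = s.recv(4096)
    return starttls_result(reply) if reply else (None, "closed")

if __name__ == "__main__":
    print(probe(sys.argv[1]))  # host name is supplied by the operator
```

A `success` result means the server accepts StartTLS on that port; `protocolError` is what RFC 4511 requires from a server that does not implement the requested extended operation.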

