Re: [Exim] LDAP(s) Auth/TLS problem

----- Original Message -----
From: "Tony Earnshaw" <tonni@???>
To: <exim-users@???>
Sent: Wednesday, May 21, 2003 2:04 AM
Subject: Re: [Exim] LDAP(s) Auth/TLS problem


> man, 19.05.2003 kl. 05.20 skrev Reijo Pitkanen:
>
> > Attempting to connect to a Windows 2000 PDC for LDAP authentication.
> > Connecting from a Debian-woody-3.0/exim-4.20/exiscan-acl-06 box
> >
> > given the below authenticator, i'd been having no issues. LDAP
>
> > Does the TLS subsystem use the cert/key for ldap authentication?
>
> Not for Exim, if that's what you're talking about. The certs are simply
> used for encryption - ldaps and STARTTLS. Exim seems to accept
> Openldap's (at any rate) public key without being told where to look for
> the CA cert, so it should do the same for AD. OTOH and IIRC, AD can be
> configured not to use port 636 - but whether it can use TLS on 389 or
> not, I wouldn't know.
>

So, the certificate/key pair that's used for outbound STARTTLS sessions is
the same cert/key used for ldaps authentication/id?? I kind of figured
along this line and added the cert as a cert for the ldap user... that threw
the same errors...

s-t-r-a-n-g-e.

I should mention that this exact configuration works perfectly on another
machine running the same OS/software, but on i386. Oh, and the proper DNS
entries are in place for all the machines, both in forward and reverse DNS.

I'm thinking this might be more of a general AD/LDAP issue at this point
though.. Grr.


-r