[csw-users] dovecot + ldap tls

aza zel azamax at gmail.com
Wed May 23 14:18:57 CEST 2007


Yes, I can:

  %> /opt/csw/bin/openssl s_client -connect ldaphost:636 -showcerts


-bash-3.00# /opt/csw/bin/openssl s_client -connect 100.0.4.98:636 -showcerts
CONNECTED(00000003)
depth=1 /C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado
CA/emailAddress=postmaster at prueba.uy
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/DC=prueba.uy/OU=Informatica/CN=nadia.prueba.uy
   i:/C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado
CA/emailAddress=postmaster at prueba.uy
-----BEGIN CERTIFICATE-----
MIIDiDCCAnCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVkx
:
:
HhvqouYR7L9wjZxzlpQ5mDJPPTm6zeK9ENRzZkDLERcnJtu8ZnNAsk5UiM=
-----END CERTIFICATE-----
 1 s:/C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado
CA/emailAddress=postmaster at prueba.uy
   i:/C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado
CA/emailAddress=postmaster at prueba.uy
-----BEGIN CERTIFICATE-----
MIIErDCCA5SgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmjELMAkGA1UEBhMCVVkx
:
:
Xn9+rEhj2SzBIJHeE9KeB5dvZKKfakVY0aCbKPj+oQ/2oDcjQd+eP+T78J4zu/4d
-----END CERTIFICATE-----
---
Server certificate
subject=/DC=prueba.uy/OU=Informatica/CN=nadia.prueba.uy
issuer=/C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado
CA/emailAddress=postmaster at prueba.uy
---
Acceptable client certificate CA names
/C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado
CA/emailAddress=postmaster at prueba.uy
---
SSL handshake has read 2415 bytes and written 446 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID:
0894828FC87CBD59EF5AB9B548CA2D19ED317E79AA9A18E414CBE099B8A32C7D
    Session-ID-ctx:
    Master-Key:
C707109EA19D8BACA456BA763D98A2250FE3CF0095A8BB788887CCEA100F46C505805C55D346350E31C33
76FF3E19911
    Key-Arg   : None
    Start Time: 1179921885
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
^C


  %> /opt/csw/bin/ldapsearch -x -ZZZ -h ldaphost -b "dc=prueba,dc=uy"
> "objectclass=*"



Here I have a problem: the CSW OpenLDAP does not come with an ldapsearch ¿:(? (I
couldn't find it), and I can't test on the local machine because it is a Solaris
box and uses the native LDAP client (I configured it, but the Dovecot bind over a
secure connection doesn't work), so I tested with the Red Hat client (ldapsearch):

[root at maximatt ~]# ldapsearch -x -v -Z -p 389 -h 100.0.4.98 \
> -D "cn=bindmailUsers,cn=mailUsers,dc=prueba,dc=uy" \
> -w passbindmailUsers -b "cn=mailUsers,dc=prueba,dc=uy" "uid=toto1"
ldap_initialize( ldap://100.0.4.98:389 )
filter: uid=toto1
requesting: ALL
# extended LDIF
#
# LDAPv3
# base <cn=mailUsers,dc=prueba,dc=uy> with scope sub
# filter: uid=toto1
# requesting: ALL
#

# toto1, mailUsers, prueba.uy
dn: uid=toto1, cn=mailUsers,dc=prueba,dc=uy
uid: toto1
givenName: toto1
sn: toto1
cn: toto1
quota: 0
uidNumber: 701
gidNumber: 100
homeDirectory: /export/home/vmail/
mailbox: prueba.uy/toto1/
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: shadowaccount
objectClass: posixaccount
objectClass: mailaccount
mailHost: prueba.uy
disablesmtp: FALSE
mail: toto1 at prueba.uy
disableimap: FALSE
userPassword:: e2NyeXB0fWVLM2tKa2RZN3FBMnM=

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1


I tested the connections with a sniffer too (snoop and Ethereal) and they are
encrypted.

Salu2 ;)
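The "verify error:num=19" in the s_client output above means the LDAP server sends its own self-signed CA in the chain but that CA is not in the client's trust store, so any certificate-checking client will reject the chain until it is pointed at that CA file. The script below is an added example, not part of the original post: it builds a constructed self-signed CA and server certificate, reproduces error 19 offline with openssl verify, and shows the same chain verifying cleanly once the CA is supplied. It assumes the openssl command line tool is installed; every subject, file name and path in it is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Reproduces offline the
# "verify error:num=19:self signed certificate in certificate chain" that
# s_client reported above, then shows the same chain verifying cleanly once
# the client is given the CA. Requires the openssl command line tool; every
# name, subject and path here is constructed for the demonstration.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed self-signed root, standing in for the "Certificado CA" above.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' \
  > "$WORK/ca.ext"
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Test CA" \
  -keyout "$WORK/ca.key" -out "$WORK/ca.csr" >/dev/null 2>&1
openssl x509 -req -in "$WORK/ca.csr" -signkey "$WORK/ca.key" -days 1 \
  -extfile "$WORK/ca.ext" -out "$WORK/ca.crt" >/dev/null 2>&1

# Constructed server certificate issued by that root (the LDAP host's cert).
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ldaphost.test" \
  -keyout "$WORK/srv.key" -out "$WORK/srv.csr" >/dev/null 2>&1
openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
  -CAcreateserial -days 1 -out "$WORK/srv.crt" >/dev/null 2>&1

# verify_chain CERT [CAFILE]
# Verifies CERT the way a TLS client does. The root is passed as -untrusted
# to mimic a server that sends its self-signed CA in the handshake chain, as
# the LDAP host did above. Without CAFILE only the system trust store is
# consulted, which does not contain the constructed root. Prints the OpenSSL
# X509 verify error number, or 0 when the chain is trusted.
verify_chain() {
  cert=$1
  cafile=$2
  if [ -n "$cafile" ]; then
    set -- -CAfile "$cafile"
  else
    set --
  fi
  out=$(openssl verify "$@" -untrusted "$WORK/ca.crt" "$cert" 2>&1 || true)
  case $out in
    *": OK"*) echo 0 ;;
    *) echo "$out" | sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1 ;;
  esac
}

echo "system trust store only : verify error $(verify_chain "$WORK/srv.crt")"
echo "with -CAfile ca.crt     : verify error $(verify_chain "$WORK/srv.crt" "$WORK/ca.crt")"
```

The first line prints 19, exactly the s_client result above; the second prints 0, which is what the LDAP client (ldapsearch, or Dovecot's LDAP bind) needs to see before it will trust the server.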