[csw-users] dovecot + ldap tls
aza zel
azamax at gmail.com
Wed May 23 14:18:57 CEST 2007
Yes, I can
%> /opt/csw/bin/openssl s_client -connect ldaphost:636 -showcerts
-bash-3.00# /opt/csw/bin/openssl s_client -connect 100.0.4.98:636 -showcerts
CONNECTED(00000003)
depth=1 /C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado
CA/emailAddress=postmaster at prueba.uy
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/DC=prueba.uy/OU=Informatica/CN=nadia.prueba.uy
i:/C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado
CA/emailAddress=postmaster at prueba.uy
-----BEGIN CERTIFICATE-----
MIIDiDCCAnCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVkx
:
:
HhvqouYR7L9wjZxzlpQ5mDJPPTm6zeK9ENRzZkDLERcnJtu8ZnNAsk5UiM=
-----END CERTIFICATE-----
1 s:/C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado
CA/emailAddress=postmaster at prueba.uy
i:/C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado
CA/emailAddress=postmaster at prueba.uy
-----BEGIN CERTIFICATE-----
MIIErDCCA5SgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmjELMAkGA1UEBhMCVVkx
:
:
Xn9+rEhj2SzBIJHeE9KeB5dvZKKfakVY0aCbKPj+oQ/2oDcjQd+eP+T78J4zu/4d
-----END CERTIFICATE-----
---
Server certificate
subject=/DC=prueba.uy/OU=Informatica/CN=nadia.prueba.uy
issuer=/C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado
CA/emailAddress=postmaster at prueba.uy
---
Acceptable client certificate CA names
/C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado
CA/emailAddress=postmaster at prueba.uy
---
SSL handshake has read 2415 bytes and written 446 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID:
0894828FC87CBD59EF5AB9B548CA2D19ED317E79AA9A18E414CBE099B8A32C7D
Session-ID-ctx:
Master-Key:
C707109EA19D8BACA456BA763D98A2250FE3CF0095A8BB788887CCEA100F46C505805C55D346350E31C33
76FF3E19911
Key-Arg : None
Start Time: 1179921885
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
^C
%> /opt/csw/bin/ldapsearch -x -ZZZ -h ldaphost -b "dc=prueba,dc=uy"
> "objectclass=*"
Here I have a problem: the CSW openldap does not come with an ldapsearch :( (I
couldn't find it), and I can't test on the local machine because it is Solaris
and it uses a native LDAP client (I configured it, but the dovecot bind over a
secure connection doesn't work), so I can test with the Red Hat client (ldapsearch)
[root at maximatt ~]# ldapsearch -x -v -Z -p 389 -h 100.0.4.98 \
> -D "cn=bindmailUsers,cn=mailUsers,dc=prueba,dc=uy" \
> -w passbindmailUsers -b "cn=mailUsers,dc=prueba,dc=uy" "uid=toto1"
ldap_initialize( ldap://100.0.4.98:389 )
filter: uid=toto1
requesting: ALL
# extended LDIF
#
# LDAPv3
# base <cn=mailUsers,dc=prueba,dc=uy> with scope sub
# filter: uid=toto1
# requesting: ALL
#
# toto1, mailUsers, prueba.uy
dn: uid=toto1, cn=mailUsers,dc=prueba,dc=uy
uid: toto1
givenName: toto1
sn: toto1
cn: toto1
quota: 0
uidNumber: 701
gidNumber: 100
homeDirectory: /export/home/vmail/
mailbox: prueba.uy/toto1/
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: shadowaccount
objectClass: posixaccount
objectClass: mailaccount
mailHost: prueba.uy
disablesmtp: FALSE
mail: toto1 at prueba.uy
disableimap: FALSE
userPassword:: e2NyeXB0fWVLM2tKa2RZN3FBMnM=
# search result
search: 3
result: 0 Success
# numResponses: 2
# numEntries: 1
I tested the connections with a sniffer too (snoop and ethereal) and they are
encrypted.
Salu2 ;)