
Re: Netscape to slapd with SSL anonymous OK, login fails



I have just tested against ldap://ldap.openldap.org and
ldaps://ldap.openldap.org with my Netscape and both work OK. Is there a
guest login to authenticate against, please?

Thanks


----- Original Message -----
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
To: "Jim Hud" <jdhz@btinternet.com>
Cc: <openldap-software@OpenLDAP.org>
Sent: Sunday, October 15, 2000 8:02 PM
Subject: Re: Netscape to slapd with SSL anonymous OK, login fails


> At 07:43 PM 10/15/00 +0000, Jim Hud wrote:
> >Can someone help me understand the problem here please.  It looks like a bug
> >in Netscape or slapd (but I have been wrong before).
>
> I've been using Netscape's ldaps:// with slapd without any significant
> problems.  I've also tested against numerous other clients (ldaps://
> and StartTLS) against slapd.   However, I'm not using the NT port of
> slapd.
>
> You're welcome to test your clients against the project's LDAP
> server: ldap://ldap.openldap.org (StartTLS) or ldaps://ldap.openldap.org.
> With some clients, you may have to use www.openldap.org instead of
> ldap.openldap.org due to DNS and Certificate issues.
>
> >Environment: OpenLDAP 2.0.6 NT4 compiled with HAVE_CYRUS_SSL undefined,
> >configured for TLS/SSL using OpenSSL 0.9.6.  Own demo CA and certificate in
> >use.  Certificate installed in client using Netscape browser
> >(https://myserver:636) as per Julio, openldap-devel/199908/msg00039.html
> >
> >ldapsearch -Z appears to work OK in all four modes (Anon/Login SSL/No SSL)
>
> Note that -Z issues a Start TLS operation but does not require
> it to be successful.  Use -ZZ to require successful Start TLS.
>
> Also note that StartTLS is quite different than LDAP over SSL (ldaps://).
> The former is the Standard Track mechanism to initiate TLS within
> the LDAP session.  The latter is a deprecated mechanism to operate
> LDAP over SSL.  Both mechanisms may be used to provide integrity
> and privacy protections but are not interoperable.  OpenLDAP 2.0
> supports BOTH mechanisms.
>
> I'm not familiar with the NT port...  the logs actually look
> fine if you assume the shutdown is intentional.
>
> >slap_sig_shutdown: signal 2
>
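
The distinction drawn in the quoted reply (StartTLS begins as an ordinary LDAP message on the plain port, ldaps:// begins with a TLS handshake, and -Z tolerates a refused StartTLS where -ZZ does not), as an added example that is not part of the original thread or of OpenLDAP's code. Function names are hypothetical and the server responses are constructed samples.

```python
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation OID

def ber(tag, body):
    """Encode one BER TLV; every body here fits the one-byte short length."""
    if len(body) >= 0x80:
        raise ValueError("long-form lengths not needed for this example")
    return bytes([tag, len(body)]) + body

def starttls_request(msgid=1):
    """LDAPMessage{ messageID, [APPLICATION 23] ExtendedRequest{ [0] OID } }."""
    ext = ber(0x77, ber(0x80, STARTTLS_OID))
    return ber(0x30, ber(0x02, bytes([msgid])) + ext)

def sample_response(result_code, msgid=1):
    """Constructed ExtendedResponse: resultCode, empty matchedDN and message."""
    result = ber(0x0A, bytes([result_code])) + ber(0x04, b"") + ber(0x04, b"")
    return ber(0x30, ber(0x02, bytes([msgid])) + ber(0x78, result))

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the short-form TLV at pos."""
    tag, n = buf[pos], buf[pos + 1]
    if n & 0x80:
        raise ValueError("long-form length not handled")
    return tag, buf[pos + 2:pos + 2 + n], pos + 2 + n

def extended_result_code(msg):
    """Pull resultCode out of an ExtendedResponse ([APPLICATION 24])."""
    _, body, _ = read_tlv(msg)
    _, _, pos = read_tlv(body)              # skip messageID
    tag, resp, _ = read_tlv(body, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    return int.from_bytes(read_tlv(resp)[1], "big")

def first_bytes_kind(data):
    """What a listener sees first: ldaps:// opens with a TLS record header,
    StartTLS (and plain LDAP) opens with a BER SEQUENCE."""
    if data[:2] == b"\x16\x03":
        return "tls-handshake"
    return "ldap-pdu" if data[:1] == b"\x30" else "unknown"

def after_starttls(response, require):
    """require=False models -Z (carry on unprotected if refused);
    require=True models -ZZ (refusal is fatal)."""
    if extended_result_code(response) == 0:
        return "tls"
    if require:
        raise ConnectionError("StartTLS refused; not continuing in cleartext")
    return "cleartext"
```

A client that must not send credentials unprotected needs the `require=True` behaviour, which is why a successful `ldapsearch -Z` run says nothing about whether TLS was actually negotiated.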