Re: [ldapsearch -H ldaps:// -d 255] is not working

[louis gonzales <gonzales@linuxlouis.net>]

in your slapd.conf do you have a rootpw entry?
Also, you're using SASL for authentication - I'm sorry for stating the 
otherwise obvious, and don't mean to insult your intelligence, but I 
should make a point here, that sometimes confuses people...   SASL != 
SSL   ;)

That said, what is your entire ldapsearch command string?
It should probably, have the   -w rootpw_entry_from_slapd_conf_here   
switch.

Post the entire command string - without the rootpw, unless you don't 
care that we all see it.




JOYDEEP wrote:

> louis gonzales wrote:
>  
>
> > Does:    netstat -an | grep 636
> > show that LDAPS is indeed LISTEN'ing?
> >    
> here is the output of   "netstat -an | grep 636"
>
> tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN
> tcp        0      0 :::636                  :::*                    LISTEN
>
>
>  
>
> > JOYDEEP wrote:
> >
> >    
> >
> > > Greg Martin wrote:
> > >
> > >
> > >      
> > >
> > > > if you run ldapsearch with the -x switch it you can use simple auth
> > > > with -D logindn  -w loginpassword
> > > >
> > > >  
> > > >        
> > > Thanks Greg for your response but [-x] actually disable the ssl and I
> > > want to implement
> > > it for security reason.
> > >
> > >
> > >      
> > >
> > > > \\Greg
> > > >
> > > > JOYDEEP wrote:
> > > >  
> > > >        
> > > >
> > > > > Dear list,
> > > > >
> > > > > I am using openldap2-2.3.19-18 under suse 10.1 and it is wotking
> > > > > fine at
> > > > > port 389 ( ldap://)
> > > > > Now to secure it with  ssl, I have first generated a certificate with
> > > > > Ca.sh script comes with linux.
> > > > >
> > > > > then I have modified my /etc/openldap/slapd.conf as
> > > > > =========================================
> > > > > TLSCipherSuite HIGH:MEDIUM:+SSLv2
> > > > > TLSCertificateFile            /etc/openldap/myca/servercert.pem
> > > > > TLSCertificateKeyFile        /etc/openldap/myca/serverkey.pem
> > > > > TLSCACertificateFile         /etc/openldap/myca/cacert.pem
> > > > > TLSVerifyClient never
> > > > > =========================================
> > > > >
> > > > > I also modified /etc/openldap/ldap.conf  as
> > > > > =================================
> > > > > HOST 127.0.0.1:636
> > > > > BASE    ou=Users,dc=kolkatainfoservices,dc=in
> > > > > TLS_CACERT /etc/openldap/myca/cacert.pem
> > > > > =================================
> > > > >
> > > > > now when I execute *ldapsearch -H ldaps:// -d 255* it asks for
> > > > > ======================
> > > > > ldap_msgfree
> > > > > sasl_client_step: 2
> > > > > Please enter your password:
> > > > > ======================
> > > > > after giving the manager password which is seceret it reports
> > > > > ==========================
> > > > > ldap_msgfree
> > > > > ldap_perror
> > > > > ldap_sasl_interactive_bind_s: Invalid credentials (49)
> > > > >       additional info: SASL(-13): user not found: no secret in
> > > > > database
> > > > > ============================================
> > > > >
> > > > > could any one suggest what am I missing here ?
> > > > > thanks.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >    
> > > > >          
> > > >  
> > > >        
> >    


--
Email:    louis.gonzales@linuxlouis.net
WebSite:  http://www.linuxlouis.net
"Open the pod bay doors HAL!" -2001: A Space Odyssey
"Good morning starshine, the Earth says hello." -Willy Wonka