Re: TLS/SSL problems

[Craig <craig5@pobox.com>]

I know about the "-x" option. But, once that happens, it looks like the 
passwords are sent in clear text. (I did some packet traces and that's 
what it looks like to me.)

I need to have passwords sent over an encrypted connection. "-x" doesn't 
give me that.

Thanx for the thought, though. :)


Quanah Gibson-Mount wrote:
> --On Tuesday, May 22, 2007 6:36 PM -0700 Craig <craig5@pobox.com> wrote:
>
> > I am running openldap 2.2.13. I am having a problem getting TLS to work.
> > I have done numerous searches, but most web pages seem to deal with
> > LDAP/kerberos issues. We do not run kerberos. I am only trying to prevent
> > passwords from being sent in the clear.
> >
> > I have followed the instructions on this page:
> >
> > http://www.ibm.com/developerworks/linux/library/l-openldap/
> >
> >
> > I am able to run ldapsearch with simple auth:
> >  > ldapsearch -x
> >
> > but, am not able to do any of the following:
> >  > ldapsearch
> >  > ldapsearch -X u:myuid
> >  > ldapsearch -X dn:uid=myuid,ou=People,dc=example,dc=com
> >
> > The error is (with "-d 255"):
> > ...
> > SASL/GSSAPI authentication started
>
> You need to use a lower case x to disable GSSAPI.  i.e.,
>
> ldapsearch -x <whatever>
>
> --Quanah
>
> --
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration