[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8170) ldapsearch -Z appears not to work

To: openldap-its@OpenLDAP.org
Subject: (ITS#8170) ldapsearch -Z appears not to work
From: meta@pobox.com
Date: Thu, 11 Jun 2015 22:03:04 +0000
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: mathew murphy
Version: 2.4.40
OS: CentOS 7
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2605:6000:ee08:3200:56ee:75ff:fe4a:3f67)


% ldapsearch --help
[...]
  -Z         Start TLS request (-ZZ to require successful response)
% ldapsearch -x -Z -h localhost -p 636 -b 'dc=mydc' '(objectclass=*)'
ldap_start_tls: Can't contact LDAP server (-1)
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

However:

% ldapsearch -x -H ldaps://localhost:636 -b 'dc=mydc' '(objectclass=*)'
[lots of data]

So -Z isn't needed if you use -H ldaps://..., and doesn't work if you don't.

I realize that the FAQ mentions in passing that you need to use -H, but it's
really well hidden compared to the bad advice given by ldapsearch --help.

Prev by Date: (ITS#8169) [LMDB][PATCH] Allow passing manprefix to make install
Next by Date: Re: (ITS#8170) ldapsearch -Z appears not to work
Index(es):
- Chronological
- Thread