[Date Prev][Date Next]
Re: Netscape to slapd with SSL anonymous OK, login fails
I have just tested against ldap://ldap.openldap.org and
ldaps://ldap.openldap.org with my Netscape and both work OK, is there a
guest login to authenticate against please.
----- Original Message -----
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
To: "Jim Hud" <email@example.com>
Sent: Sunday, October 15, 2000 8:02 PM
Subject: Re: Netscape to slapd with SSL anonymous OK, login fails
> At 07:43 PM 10/15/00 +0000, Jim Hud wrote:
> >Can someone help me understand the problem here please. It looks like a
> >in Netscape or slapd (but I have been wrong before).
> I've been using Netscape's ldaps:// with slapd without any significant
> problems. I've also tested against numerous other clients (ldaps://
> and StartTLS) against slapd. However, I'm not using the NT port of
> You're welcome to test your client's against the project's LDAP
> server: ldap://ldap.openldap.org (StartTLS) or ldaps://ldap.openldap.org.
> With some clients, you may have to use www.openldap.org instead of
> ldap.openldap.org due to DNS and Certificate issues.
> >Environment: OpenLDAP 2.0.6 NT4 compiled with HAVE_CYRUS_SSL undefined,
> >configured for TLS/SSL using OpenSSL 0.9.6. Own demo CA and certificate
> >use. Certificate installed in client using Netscape browser
> >(https://myserver:636) as per Julio, openldap-devel/199908/msg00039.html
> >ldapsearch -Z appears to work OK in all four modes (Anon/Login SSL/No
> Note that -Z issues a Start TLS operations but does not require
> it to be successful. Use -ZZ to require successful Start TLS.
> Also note that StartTLS is quite different than LDAP over SSL (ldaps://).
> The former is the Standard Track mechanism to initiate TLS within
> the LDAP session. The latter is a deprecated mechanism to operate
> LDAP over SSL. Both mechanisms may be used to provide integrity
> and privacy protections but are not interoperable. OpenLDAP 2.0
> supports BOTH mechanisms.
> I'm not familiar with the NT port... the logs actually look
> fine if you assume the shutdown is intentional.
> >slap_sig_shutdown: signal 2