
Re: openldap SSL/TLS problem



vincent wrote:
> 
> On Thursday 30 August 2001 11:43, Jehan PROCACCIA wrote:
> > /etc/openldap/slapd.conf:
> ...
> >
> > TLSCipherSuite HIGH:MEDIUM
> > TLSCertificateFile /usr/share/ssl/certs/ldapserver.pem
> > TLSCertificateKeyFile /usr/share/ssl/certs/ldapserver.pem
> >
> > /etc/openldap/ldap.conf
> >
> > HOST mci21056.int-evry.fr
> > BASE dc=int-evry,dc=fr
> > URI ldaps://mci21056.int-evry.fr
> > ssl yes
> > #ssl start_tls
> >
> ...
> > Here's my problem:
> >
> > $ ldapsearch -Z -H "ldaps://mci21056.int-evry.fr" -b "dc=int-evry,dc=fr"
> 
> First, it seems that starttls works on the regular ldap port and not ldaps; try to
> correct the uri of the command line and check the port variable in the /etc/ldap.conf
> file, or remove the -Z flag to use ssl.
> 
> Vincent saugey

I tried with URI ldap://mci21056.int-evry.fr and ssl yes, there is no
specified port in /etc/ldap.conf (commented to 389) and I tried to
remove -Z in ldapsearch, now I get:

ldap_sasl_interactive_bind_s: No such attribute

with -Z

ldap_sasl_interactive_bind_s: Unknown authentication method

Actually I am confused with ssl and start_tls (I don't see the
difference). Is there a doc on this? Do you have sample config files to
show me?

Thanks
-- 
Jehan Procaccia
Institut National des Telecommunications | Email: Jehan.Procaccia@int-evry.fr
MCI, Moyens Communs Informatiques        | Tel  : +33 (0) 160764436
9 rue Charles Fourier 91011 Evry France  | Fax  : +33 (0) 160764321
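
The two transports discussed in this thread, as an added example that is not part of the original messages: ldaps:// negotiates TLS as soon as the connection opens (default port 636), while StartTLS upgrades a plain ldap:// connection (default port 389) and is what ldapsearch's -Z (attempt) and -ZZ (require) request. The function name ldap_tls_mode and its output labels are made up for this illustration.

```shell
#!/bin/sh
# ldap_tls_mode URI [-Z|-ZZ]
# Hypothetical helper (not an OpenLDAP tool): prints "<mode> <port>" for an
# LDAP URI plus optional StartTLS flag, and returns non-zero when the
# combination is contradictory or unrecognised.
ldap_tls_mode() {
    uri=$1
    flag=${2:-}
    case $uri in
        ldaps://*) scheme=ldaps; default_port=636 ;;  # TLS from the first byte
        ldap://*)  scheme=ldap;  default_port=389 ;;  # plain, may be upgraded
        *) echo "error unsupported-scheme"; return 2 ;;
    esac
    # Drop the scheme and anything after the host part, then find the port.
    hostport=${uri#*://}
    hostport=${hostport%%/*}
    case $hostport in
        \[*\]:*) port=${hostport##*\]:} ;;   # bracketed IPv6 literal with port
        \[*\])   port=$default_port ;;       # bracketed IPv6 literal, no port
        *:*)     port=${hostport##*:} ;;
        *)       port=$default_port ;;
    esac
    case $scheme,$flag in
        ldaps,)             echo "implicit-tls $port" ;;
        ldaps,-Z|ldaps,-ZZ) echo "conflict $port"; return 1 ;;  # TLS is already up
        ldap,-ZZ)           echo "starttls-required $port" ;;   # abort if upgrade fails
        ldap,-Z)            echo "starttls-optional $port" ;;   # may continue in clear
        ldap,)              echo "cleartext $port" ;;
        *)                  echo "error unknown-flag"; return 2 ;;
    esac
}

# Constructed combinations, using the host name from the thread.
for args in "ldaps://mci21056.int-evry.fr" \
            "ldaps://mci21056.int-evry.fr -Z" \
            "ldap://mci21056.int-evry.fr -ZZ" \
            "ldap://mci21056.int-evry.fr -Z" \
            "ldap://mci21056.int-evry.fr"; do
    # Word splitting of $args into URI and flag is intended here.
    printf '%-36s -> %s\n' "$args" "$(ldap_tls_mode $args)"
done
```

Only "implicit-tls" and "starttls-required" guarantee that the bind and search travel encrypted; "starttls-optional" can silently fall back to cleartext if the upgrade fails.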