Re: openldap SSL/TLS problem

[Jehan PROCACCIA <jehan.procaccia@int-evry.fr>]

"Kurt D. Zeilenga" wrote:
> 
> At 02:43 AM 2001-08-30, Jehan PROCACCIA wrote:
> >Here's my problem:
> >
> >$ ldapsearch -Z -H "ldaps://mci21056.int-evry.fr" -b "dc=int-evry,dc=fr"
> >"uid=procacci"
> >ldap_start_tls: Operations error
> >        additional info: TLS already started
> >ldap_sasl_interactive_bind_s: Unknown authentication method
> 
> You are trying to run Start TLS over ldaps://.  Since you
> already started TLS by using ldaps://, issuing a Start
> TLS command is pointless.  Don't use -Z and ldaps://
> together.

Truth is that I'am confused with sasl/ssl/tls !?, ldaps means tls ? an
ldapsearch without -x nor -Z defaults to tls ? Any doc on this ?

> 
> Then there appears to be no usable SASL method.  Likely
> you haven't completed your SASL configuration yet.  Start
> with setting up the sample client/server (or use -x to
> use simple bind).
> 
> Kurt

I did nothing about sasl, I thought that using ssl was a alternative to
sasl !? do I need to configure something about sasl in slapd.conf, have
a sample file ?

anyway the search works fine with ldapsearch -x, but I want to run a
secure ldap transaction ...

Thanks.
-- 
Jehan Procaccia
Institut National des Telecommunications| Email:
Jehan.Procaccia@int-evry.fr 
MCI, Moyens Communs Informatiques	| Tel  : +33 (0) 160764436 
9 rue Charles Fourier 91011 Evry France | Fax  : +33 (0) 160764321