
Re: openldap SSL/TLS problem



At 09:33 AM 2001-08-30, Jehan PROCACCIA wrote:
>"Kurt D. Zeilenga" wrote:
>> 
>> At 02:43 AM 2001-08-30, Jehan PROCACCIA wrote:
>> >Here's my problem:
>> >
>> >$ ldapsearch -Z -H "ldaps://mci21056.int-evry.fr" -b "dc=int-evry,dc=fr"
>> >"uid=procacci"
>> >ldap_start_tls: Operations error
>> >        additional info: TLS already started
>> >ldap_sasl_interactive_bind_s: Unknown authentication method
>> 
>> You are trying to run Start TLS over ldaps://.  Since you
>> already started TLS by using ldaps://, issuing a Start
>> TLS command is pointless.  Don't use -Z and ldaps://
>> together.
>
>Truth is that I'm confused with sasl/ssl/tls !?, ldaps means tls ?
>an ldapsearch without -x nor -Z defaults to tls ? Any doc on this ?

It's reasonable to be confused.  This just became a FAQ:
        http://www.openldap.org/faq/index.cgi?file=605

>> Then there appears to be no usable SASL method.  Likely
>> you haven't completed your SASL configuration yet.  Start
>> with setting up the sample client/server (or use -x to
>> use simple bind).
>I did nothing about sasl,

You implicitly requested use of SASL as you didn't specify -x.

>I thought that using ssl was an alternative to
>sasl !?

They generally are viewed as complementary.

Kurt
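
Added example (not part of the original thread or of OpenLDAP): a small shell check that reads an ldapsearch argument list and reports the transport protection and bind method it requests, flagging the -Z plus ldaps:// combination discussed above. The function name, output format and example.com host are assumptions; it inspects only -H, -Z/-ZZ and -x, and treats a missing -H as ldap://.

```shell
#!/bin/sh
# Hypothetical helper: classify what an ldapsearch command line asks for.
# It never contacts a server; it only parses the arguments it is given.
ldap_cli_check() (
    uri="" starttls=no
    bind=sasl                      # without -x the client attempts a SASL bind
    while [ $# -gt 0 ]; do
        case "$1" in
            -H)                    # LDAP URI; the scheme decides TLS-on-connect
                if [ $# -gt 1 ]; then uri="$2"; shift; fi ;;
            -Z|-ZZ)                # request the Start TLS operation
                starttls=yes ;;
            -x)                    # simple bind instead of SASL
                bind=simple ;;
            -b|-D|-w|-Y)           # options that carry a value we do not need
                if [ $# -gt 1 ]; then shift; fi ;;
        esac
        shift
    done

    problem=none
    case "$uri" in
        ldaps://*)
            transport=tls-on-connect
            # TLS is already up on ldaps://, so Start TLS is rejected
            # with "TLS already started".
            if [ "$starttls" = yes ]; then problem=starttls-over-ldaps; fi ;;
        *)
            # Assumption: no -H (or ldap://) means a plain connection
            # unless Start TLS is requested.
            if [ "$starttls" = yes ]; then transport=starttls
            else transport=cleartext; fi ;;
    esac
    printf 'transport=%s bind=%s problem=%s\n' "$transport" "$bind" "$problem"
)

# Constructed sample command lines (host and DNs are placeholders).
ldap_cli_check -Z -H ldaps://ldap.example.com -b dc=example,dc=com uid=jdoe
ldap_cli_check -x -H ldaps://ldap.example.com -b dc=example,dc=com uid=jdoe
ldap_cli_check -x -Z -H ldap://ldap.example.com -b dc=example,dc=com uid=jdoe
```

The first call reproduces the shape of the failing command in the thread; the other two are the non-conflicting forms, one per TLS mode, both using simple bind.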