
Re: SASL/SSL intermittent bind problem

>>>>> "Jason" == Jason Heiss <jheiss@ofb.net> writes:

    Jason> I have a Red Hat 7.1 system configured as a Kerberos and
    Jason> LDAP server using the RPMs provided by Red Hat.  Thus
    Jason> OpenLDAP 2.0.11.

    Jason> I have a problem where binds using SASL (as opposed to
    Jason> simple auth) occasionally fail.  This (simple auth, SSL or
    Jason> not) always works:

RH's OpenLDAP doesn't seem to have either TLS or SASL... You have to
recompile (or compile from pristine source)

    Jason> This (SASL, SSL) fails almost all of the time:

    Jason> ldapsearch -H ldaps:/// -b "" -s base -LLL
    Jason> supportedSASLMechanisms

    Jason> The failure is reported by ldapsearch as:

    Jason> ldap_result: Can't contact LDAP server

SSL does work however... Do you have a (proper) SSL certificate?
Do you have the TLS* entries in the slapd.conf?

        TLSCertificateFile      /etc/openldap/server.pem
        TLSCertificateKeyFile   /etc/openldap/server.pem
        TLSCACertificateFile    /etc/openldap/server.pem

or something similar?

 Turbo     __ _     Debian GNU     Unix _IS_ user friendly - it's just 
 ^^^^^    / /(_)_ __  _   ___  __  selective about who its friends are 
         / / | | '_ \| | | \ \/ /   Debian Certified Linux Developer  
  _ /// / /__| | | | | |_| |>  <  Turbo Fredriksson   turbo@tripnet.se
  \\\/  \____/_|_| |_|\__,_/_/\_\ Stockholm/Sweden
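
Added example, not part of the original message or of OpenLDAP: a Python check for the three TLS* entries the reply asks about, reporting missing directives, missing files, and a key file that is group or world readable. The function names and the permission check are assumptions made for this illustration.

```python
import os
import stat
import sys

# The three file directives named in the reply.
TLS_DIRECTIVES = ("TLSCertificateFile", "TLSCertificateKeyFile",
                  "TLSCACertificateFile")


def parse_tls_directives(conf_text):
    """Return {directive: path} for the TLS file directives in slapd.conf text.

    Simplification: continuation lines (leading whitespace) are not joined.
    """
    canonical = {name.lower(): name for name in TLS_DIRECTIVES}
    found = {}
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        name = canonical.get(parts[0].lower())  # keyword matched case-insensitively
        if name:
            found[name] = parts[1].strip().strip('"')
    return found


def audit_tls(conf_text):
    """Return a list of findings; an empty list means every check passed."""
    found = parse_tls_directives(conf_text)
    findings = []
    for name in TLS_DIRECTIVES:
        path = found.get(name)
        if path is None:
            findings.append(f"{name}: directive missing")
        elif not os.path.isfile(path):
            findings.append(f"{name}: {path} not found")
    key = found.get("TLSCertificateKeyFile")
    if key and os.path.isfile(key):
        mode = stat.S_IMODE(os.stat(key).st_mode)
        # The private key should be readable only by the account slapd runs as.
        if mode & (stat.S_IRGRP | stat.S_IROTH):
            findings.append(f"TLSCertificateKeyFile: {key} mode {mode:o} "
                            "is group/world readable")
    return findings


if __name__ == "__main__":
    # Usage: python check_slapd_tls.py <path to slapd.conf>
    with open(sys.argv[1]) as fh:
        for finding in audit_tls(fh.read()):
            print(finding)
```

When one PEM file holds both the certificate and the key, as in the reply's sample entries, the permission check applies to that shared file.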