[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Re: ldap_sasl_interactive_bind_s: Local error ???

Tony Earnshaw,
	Thanks angain for your suggestions.
>1: You seem to have previous experience with SSL. The fact that you are
>using hashes of certs seem to infer that your experience was with
>FreeS/WAN or Apache. Openldap 2.1 (at least) uses neither .der encoded
>certificates nor hashes, but .pem encoded raw certs;

You are right.I misunderstood the configuration guide of OpenLDAP with TLS,
and I will correct it in my sldap.conf.

>2: *Raw* Openldap SSL/TLS (TLS is different from SSL) does not use SASL,
>which seems to be throwing you out (although SSL is refererred to as
>SASL EXTERNAL). Not that SSL is not a valid SASL extra, it's just that
>Openssl SASL is not necessary for Openldap SSL/TLS.
I'm confused with the command:
$ldapsearch localhost -b "o=MyTest,c=CN"  -s sub "(objectclass=*)" -x
 It returns correct results without inputting any password! 
 But "-x" option means it querys ldap server in Simple authentication.
 Any error in my understanding?


Zhang Fei

R&D of SDB Department