[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Re: ldap_sasl_interactive_bind_s: Local error ???

To: zhfei@sdb.ac.cn
Subject: Re: Re: ldap_sasl_interactive_bind_s: Local error ???
From: Tony Earnshaw <tonni@billy.demon.nl>
Date: 20 Nov 2002 14:53:39 +0100
Cc: "openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>
In-reply-to: <200211201257.UAA110420@ns2.sdb.ac.cn>
Organization:
References: <200211201257.UAA110420@ns2.sdb.ac.cn>

ons, 2002-11-20 kl. 13:56 skrev Zhang Fei:

> >1: You seem to have previous experience with SSL. The fact that you are
> >using hashes of certs seem to infer that your experience was with
> >FreeS/WAN or Apache. Openldap 2.1 (at least) uses neither .der encoded
> >certificates nor hashes, but .pem encoded raw certs;

> You are right.I misunderstood the configuration guide of OpenLDAP with TLS,
> and I will correct it in my sldap.conf.


> >2: *Raw* Openldap SSL/TLS (TLS is different from SSL) does not use SASL,
> >which seems to be throwing you out (although SSL is refererred to as
> >SASL EXTERNAL). Not that SSL is not a valid SASL extra, it's just that
> >Openssl SASL is not necessary for Openldap SSL/TLS.
> I'm confused with the command:
> $ldapsearch localhost -b "o=MyTest,c=CN"  -s sub "(objectclass=*)" -x


>  It returns correct results without inputting any password! 
>  But "-x" option means it querys ldap server in Simple authentication.
>  Any error in my understanding?

All answers to the list, please, Zhang Fei, not to me privately.

You haven't started writing yet! Everything depends on your ACLs, just
work on and start doing profitable things. Then you'll find out for
yourself.

Best,

Tony

-- 

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl

Prev by Date: Re: Re: ldap_sasl_interactive_bind_s: Local error ???
Next by Date: Re: ldap_sasl_interactive_bind_s: Local error ???
Index(es):
- Chronological
- Thread