Hello,
I'm having an issue between client/server SSL/TLS authentication.
Basically, I want to use TLS, but *not* SASL. Unfortunately, every time a
client queries the server, they look for the attribute
"supportedSASLMechanisms", which the server doesn't have, so it reports
"No such object."

Here's the log output:

client
======
[root@charles root]# /usr/local/bin/ldapsearch -d4
request 1 done
ldap_sasl_interactive_bind_s: No such object (32)

server
======
[~]{56}# /usr/local/libexec/slapd -h "ldap:/// ldaps:///" -d4
daemon_init: ldap:/// ldaps:///
bdb_initialize: Sleepycat Software: Berkeley DB 4.1.25: (December 19,
2002)
bdb_db_init: Initializing BDB database
bdb_db_open: dc=esm,dc=lanl,dc=gov
slapd starting
connection_get(14)
SRCH "" 0 0 0 0 0
filter: (objectClass=*)
attrs: supportedSASLMechanisms
send_ldap_result: err=0 matched="" text=""
connection_get(14)

What I want to know is if there's a way to use TLS w/o SASL? The
certificates all negotiate fine, etc. But the client hangs up on this.
Any ideas would be *greatly* appreciated. I've been trying to get this
stuff to work right for ages.