Re: ldaps vs -ZZ


Adam Gautier <adam_gautier@yahoo.com> writes:

> Why does 'ldapsearch -x -H ldaps://myserver.com "cn=*"' work but
> 'ldapsearch -x -h myserver.com -p 636 "cn=*" -ZZ' fail?  Both are
> using TLS but the second one returns:
> Client:
> %> ldapsearch -x -h myserver.com -p 636 "cn=*" -ZZ
> ldap_bind: Can't contact LDAP server (81)
> Any help would be great and I can provide more info if needed.  I
> have searched message archives about this to no avail. Any help would be
> great and greatly appreciated, Thanks.

You have to distinguish between STARTTLS and ldap over SSL. While
ldap_start_tls requires a slapd listening on the defined default
ldap port (389), thus ldap_start_tls is invoked by the -Z option; ldap
over SSL requires slapd listening on a defined secure ldaps port
(636) without invocation of ldap_start_tls. In order to make both
methods available, you should start ./slapd -h "ldap:/// ldaps:///" 
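
The distinction drawn in the reply above, shown at the byte level as an added example that is not part of the original message or of OpenLDAP's code: with -ZZ the client's first bytes are a plaintext LDAP StartTLS request, while with ldaps:// they are a TLS handshake record. The listener model, the outcome labels and the sample ClientHello prefix are assumptions constructed for illustration.

```python
# Added illustration: a model of what each listener type sees first on the wire.
# Outcome labels are descriptive names chosen here, not slapd or libldap messages.

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

# Constructed sample: start of a TLS record (type 0x16 handshake, version 3.1,
# record length, handshake type 0x01 ClientHello), as sent first over ldaps://.
CLIENT_HELLO_PREFIX = bytes.fromhex("16030100c801")


def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value with short-form length (enough for this message)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value


def starttls_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID, extendedReq [APPLICATION 23] { requestName [0] } }.
    This is the plaintext request a client sends first when -Z/-ZZ is used."""
    ext = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + ext)


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a listener receives from a client."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"  # implicit TLS, expected on an ldaps:// listener
    if data[:1] == b"\x30":     # BER SEQUENCE: a plaintext LDAPMessage
        return "ldap-starttls" if STARTTLS_OID in data else "ldap-plaintext"
    return "unknown"


def outcome(listener: str, first_bytes: bytes) -> str:
    """Model the two listener kinds: 'ldap' (port 389) and 'ldaps' (port 636)."""
    kind = classify_first_bytes(first_bytes)
    if listener == "ldaps":     # must see a TLS handshake before any LDAP
        return "ok" if kind == "tls-handshake" else "handshake-failure"
    if listener == "ldap":      # speaks LDAP first; TLS only after StartTLS
        return "ok" if kind.startswith("ldap-") else "protocol-error"
    raise ValueError(f"unknown listener type: {listener}")


if __name__ == "__main__":
    for listener in ("ldap", "ldaps"):
        for name, data in (("-ZZ", starttls_request()),
                           ("ldaps://", CLIENT_HELLO_PREFIX)):
            print(f"{name:9} -> {listener:5} listener: {outcome(listener, data)}")
```

The "-ZZ against the ldaps listener" row is the failing case from the question: the port 636 listener receives LDAP bytes where it expects a TLS handshake.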


