Re: ldaps vs -ZZ



Hi,

Adam Gautier <adam_gautier@yahoo.com> writes:

> Why does 'ldapsearch -x -H ldaps://myserver.com "cn=*"' work but
> 'ldapsearch -x -h myserver.com -p 636 "cn=*" -ZZ' fails.  Both are
> using TLS but the second one returns:
>
> Client:
> %> ldapsearch -x -h myserver.com -p 636 "cn=*" -ZZ
> ldap_bind: Can't contact LDAP server (81)
[...]
>
> Any help would be great and I can provide more info if needed.  I
> have searched message archives about this to no avail. Any help would be
> great and greatly appreciated, Thanks.

You have to distinguish between STARTTLS and ldap over SSL. While
ldap_start_tls requires a slapd listening on the defined default
ldap port (389), thus ldap_start_tls is invoked by the -Z option; ldap
over SSL requires slapd listening on a defined secure ldaps port
(636) without invocation of ldap_start_tls. In order to make both
methods available, you should start ./slapd -h "ldap:/// ldaps:///"

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
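
The mismatch described in the reply above, as an added example that is not part of the original message: it builds the first bytes each client mode puts on the wire (a cleartext StartTLS extended request or anonymous bind for ldap://, a TLS record for ldaps://) and checks which slapd listener type can parse them. All function names and the TLS record header are constructed for illustration.

```python
# Added illustration: the first bytes each client mode sends, and which
# slapd listener type can parse them. Helper names are hypothetical.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # StartTLS extended operation (RFC 4511)
# Constructed sample: a TLS record header (handshake, TLS 1.0 record version,
# length 512) as an ldaps:// client would send it right after TCP connect.
TLS_RECORD_HEADER = bytes.fromhex("1603010200")

def tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value with short-form length (all messages here are < 128 bytes)."""
    if len(value) > 127:
        raise ValueError("long-form BER length not implemented")
    return bytes([tag, len(value)]) + value

def ldap_message(message_id: int, protocol_op: bytes) -> bytes:
    """LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp }"""
    return tlv(0x30, tlv(0x02, bytes([message_id])) + protocol_op)

def starttls_request() -> bytes:
    # ExtendedRequest [APPLICATION 23] { requestName [0] = StartTLS OID }
    return ldap_message(1, tlv(0x77, tlv(0x80, STARTTLS_OID)))

def anonymous_simple_bind() -> bytes:
    # BindRequest [APPLICATION 0] { version 3, empty name, simple [0] empty password }
    return ldap_message(1, tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, b"") + tlv(0x80, b"")))

def client_opening(scheme: str, start_tls: bool) -> bytes:
    """First bytes on the wire for ldapsearch -x with the given URI scheme and -Z/-ZZ."""
    if scheme == "ldaps":
        return TLS_RECORD_HEADER
    return starttls_request() if start_tls else anonymous_simple_bind()

def kind(data: bytes) -> str:
    """Classify what a listener sees first: a TLS record or a BER-encoded LDAPMessage."""
    if data[:2] == b"\x16\x03":
        return "tls-handshake"
    if data[:1] == b"\x30":
        return "ldap-cleartext"
    return "unknown"

def listener_accepts(listener: str, scheme: str, start_tls: bool) -> bool:
    """An ldaps:/// listener needs a TLS handshake first; ldap:/// needs a cleartext LDAPMessage."""
    expected = "tls-handshake" if listener == "ldaps" else "ldap-cleartext"
    return kind(client_opening(scheme, start_tls)) == expected

if __name__ == "__main__":
    for listener, scheme, z in [("ldaps", "ldaps", False), ("ldaps", "ldap", True),
                                ("ldap", "ldap", True), ("ldap", "ldaps", False)]:
        ok = listener_accepts(listener, scheme, z)
        print(f"listener {listener}:/// <- client {scheme}:// -ZZ={z}: {'ok' if ok else 'mismatch'}")
```

The second row corresponds to `-h myserver.com -p 636 -ZZ` from the question: a cleartext StartTLS request arriving at a listener that expects a TLS handshake.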