[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Newbie question on client Auth and SSL

--On Friday, October 29, 2004 3:00 PM -0200 Bruno Di Rei Araujo <BrunoA@calu.com.br> wrote:

When I compile OpenLDAP with OpenSSL libraries present, does it enforces
SSL utilization from then on?

No. You can enforce the use of SSL via setting "ssf" factors in your ACLs however.

I'm experiencing the following: I've setup my server and have it working
fine. I can search (anonymous binding) and add entries using Manager
credentials. However, I can't search with a different binding, nor can I
authenticate using pam_auth (from Squid) thats the "only" application I
need working with ldap right now.  I issue the following:
(sorry for level -1 log, but I don't know which level would suffice)

You don't supply the commands you are using to try and bind via things other than Manager.

In fact, I don't know if I'm in front of two different problems or a single one, because of the bolded message in the log file (ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable) ).

Have you examined your ACL's? You can ignore the resource temporarily unavailable error.

As the remote message was about connection error to server, I thought it
could be related to SSL. But I've compiled OpenLDAP with SSL support
***just in case*** I'd need it in the future. So I didn't create or setup
OpenSSL server. Is it related to the problem? And other question: anybody
knows which log level I can use to debug those "authentication" problems?

Having compiled it against OpenSSL should have no bearing on whether or not you can authenticate.


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html