[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS: hostname does not match CN in peer certificate

On Tuesday 25 October 2005 13:03, John Manning wrote:
> Quanah Gibson-Mount <quanah@stanford.edu> wrote:
> >>$ ldapsearch -v -D "cn=someuser, o=users" -H ldaps://foo.bar.tld:636 -ZZ
> >>ldap_initialize( ldaps://foo.bar.tld:636 )
> >>ldap_start_tls: Operations error (1)
> >>         additional info: TLS is is already established
> >
> >You don't need -ZZ if you are using an LDAPS URL, as the LDAPS URL
> >indicates you want SSL encryption.
> Thanks Quanah. Apologies for not being totally clear in the previous. I had
> spotted the redundancy between the "ldaps" scheme and the -ZZ option and
> tried it without the -ZZ option. But I got:
> $ ldapsearch -v -D "cn=someuser, o=users" -H ldaps://foo.bar.tld:636
> ldap_initialize( ldaps://foo.bar.tld:636 )
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>         additional info: SASL(-4): no mechanism available:

I don't think you were using SASL before (whereas Quanah always does ;-)), so 
you still need the -x flag.

Buchan Milne
ISP Systems Specialist

Attachment: pgpti9YEWerO1.pgp
Description: PGP signature