Re: [ldapsearch -H ldaps:// -d 255] is not working

In your slapd.conf do you have a rootpw entry?
Also, you're using SASL for authentication - I'm sorry for stating the otherwise obvious, and don't mean to insult your intelligence, but I should make a point here, that sometimes confuses people... SASL != SSL ;)

That said, what is your entire ldapsearch command string?
It should probably have the -w rootpw_entry_from_slapd_conf_here switch.

Post the entire command string - without the rootpw, unless you don't care that we all see it.

JOYDEEP wrote:

louis gonzales wrote:

Does: netstat -an | grep 636
show that LDAPS is indeed LISTEN'ing?

here is the output of   "netstat -an | grep 636"

tcp        0      0   *               LISTEN
tcp        0      0 :::636                  :::*                    LISTEN

JOYDEEP wrote:

Greg Martin wrote:

If you run ldapsearch with the -x switch you can use simple auth
with -D logindn  -w loginpassword

Thanks Greg for your response, but [-x] actually disables the ssl and I
want to implement it for security reasons.


JOYDEEP wrote:

Dear list,

I am using openldap2-2.3.19-18 under suse 10.1 and it is working
fine at port 389 ( ldap://)
Now to secure it with ssl, I have first generated a certificate with
the Ca.sh script that comes with linux.

then I have modified my /etc/openldap/slapd.conf as
TLSCertificateFile            /etc/openldap/myca/servercert.pem
TLSCertificateKeyFile        /etc/openldap/myca/serverkey.pem
TLSCACertificateFile         /etc/openldap/myca/cacert.pem
TLSVerifyClient never

I also modified /etc/openldap/ldap.conf  as
BASE    ou=Users,dc=kolkatainfoservices,dc=in
TLS_CACERT /etc/openldap/myca/cacert.pem

now when I execute *ldapsearch -H ldaps:// -d 255* it asks for
sasl_client_step: 2
Please enter your password:
after giving the manager password, which is secret, it reports
ldap_sasl_interactive_bind_s: Invalid credentials (49)
      additional info: SASL(-13): user not found: no secret in

Could anyone suggest what I am missing here?

Email:    louis.gonzales@linuxlouis.net
WebSite:  http://www.linuxlouis.net
"Open the pod bay doors HAL!" -2001: A Space Odyssey
"Good morning starshine, the Earth says hello." -Willy Wonka
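
Added example (not part of the original thread): a shell helper that reads an ldapsearch argument list and reports the transport and the bind method separately, because the URI scheme or -Z/-ZZ selects TLS while -x selects a simple bind instead of SASL. The host name and DNs are constructed placeholders, and it assumes no URI default is set in ldap.conf.

```shell
#!/bin/sh
# Added example, not from the thread. Host and DNs are constructed placeholders.
# Assumption: no URI default in ldap.conf, so a missing -H means cleartext ldap://.

ldap_modes() {
    transport="cleartext"   # changed only by an ldaps:// URI or by -Z / -ZZ
    bind="sasl"             # ldapsearch binds with SASL unless -x is given
    while [ $# -gt 0 ]; do
        case "$1" in
            -H)
                # The URI scheme decides whether the connection is wrapped in TLS.
                case "${2:-}" in
                    ldaps://*) transport="ldaps" ;;
                    ldapi://*) transport="ldapi" ;;
                esac
                [ $# -gt 1 ] && shift ;;
            -ZZ) [ "$transport" = "ldaps" ] || transport="starttls-required" ;;
            -Z)  [ "$transport" = "ldaps" ] || transport="starttls-attempted" ;;
            -x)  bind="simple" ;;   # simple bind: pair with -D bind DN and -W or -w
            -D|-w|-b|-d|-y|-Y|-U)
                # Options that take a value: skip the value so it is not parsed as a flag.
                [ $# -gt 1 ] && shift ;;
        esac
        shift
    done
    printf 'transport=%s bind=%s\n' "$transport" "$bind"
}

# The command from the thread: TLS is on, and the bind is SASL.
ldap_modes -H ldaps:// -d 255
# Same transport with a simple bind as the manager DN, prompting for the password.
ldap_modes -x -H ldaps://ldap.example.test -D "cn=Manager,dc=example,dc=test" -W
```

The "SASL(-13): user not found" error in the thread comes from the bind step, which only runs after the TLS connection to port 636 is already established.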