Re: TLS/SSL problems
Option -X is for SASL configuration. If you want TLS, perhaps you mean
I'm not sure what pages you're looking at that confuse TLS and Kerberos.
They are separate topics; for example, the OpenLDAP Administrator's Guide
has separate chapters for TLS and Kerberos. That may be a better source to
use as reference as you work this out.
You might also want to consider upgrading to 2.3.35. TLS bugs were fixed
quite recently. See http://www.openldap.org/software/release/changes.html
On Tue, 22 May 2007, Craig wrote:
I am running OpenLDAP 2.2.13. I am having a problem getting TLS to work. I
have done numerous searches, but most web pages seem to deal with
LDAP/Kerberos issues. We do not run Kerberos. I am only trying to prevent
passwords from being sent in the clear.
I have followed the instructions on this page:
I am able to run ldapsearch with simple auth:
but am not able to do any of the following:
ldapsearch -X u:myuid
ldapsearch -X dn:uid=myuid,ou=People,dc=example,dc=com
The error is (with "-d 255"):
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error:
Miscellaneous failure (No credentials cache found)
It looks like the server is running fine. But the logs don't really indicate
what the problem is. (It seems to be more of a client issue, but still the
server should give some hint in the logs.)
If you need more debugging info, just let me know.
Any help would be greatly appreciated.