
Re: TLS/SSL problems

Option -X is for SASL configuration. If you want TLS, perhaps you mean -ZZ?

I'm not sure what pages you're looking at that confuse TLS and Kerberos. They are separate topics; for example, the OpenLDAP Administrator's Guide has separate chapters for TLS and Kerberos. That may be a better source to use as reference as you work this out.

You might also want to consider upgrading to 2.3.35. TLS bugs were fixed quite recently. See http://www.openldap.org/software/release/changes.html for details.

On Tue, 22 May 2007, Craig wrote:

I am running OpenLDAP 2.2.13. I am having a problem getting TLS to work. I have done numerous searches, but most web pages seem to deal with LDAP/Kerberos issues. We do not run Kerberos. I am only trying to prevent passwords from being sent in the clear.

I have followed the instructions on this page:


I am able to run ldapsearch with simple auth:
ldapsearch -x

but am not able to do any of the following:
ldapsearch -X u:myuid
ldapsearch -X dn:uid=myuid,ou=People,dc=example,dc=com

The error is (with "-d 255"):
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No credentials cache found)

It looks like the server is running fine. But the logs don't really indicate what the problem is. (It seems to be more of a client issue, but still the server should give some hint in the logs.)

If you need more debugging info, just let me know.

Any help would be greatly appreciated.
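
An added example, not part of the original thread: a small Python check that classifies ldapsearch command lines by how the bind credentials would travel, covering the -X versus -ZZ distinction discussed above. The function name `audit`, the verdict labels and the host `ldap.example.com` are assumptions made for illustration; only a subset of ldapsearch options is parsed.

```python
import shlex

# ldapsearch options that consume the next argument (subset used by this check).
VALUE_OPTS = {"-b", "-D", "-d", "-h", "-H", "-p", "-s", "-w", "-y",
              "-X", "-Y", "-U", "-R"}

def audit(cmdline):
    """Classify how one ldapsearch command line would send bind credentials."""
    args = shlex.split(cmdline)[1:]          # drop the program name
    opts, i = {}, 0
    while i < len(args):
        if args[i] in VALUE_OPTS and i + 1 < len(args):
            opts[args[i]] = args[i + 1]      # option plus its value
            i += 2
        else:
            opts[args[i]] = True             # bare flag (or a positional argument)
            i += 1
    if "-x" not in opts:
        # No -x means a SASL bind; -X only names the SASL authorization
        # identity and does not turn on TLS.
        return "sasl"
    if not {"-w", "-W", "-y"} & opts.keys():
        return "no-password"                 # anonymous/unauthenticated simple bind
    if "-ZZ" in opts or str(opts.get("-H", "")).lower().startswith("ldaps://"):
        return "protected"                   # StartTLS required, or LDAP over SSL
    if "-Z" in opts:
        return "opportunistic"               # StartTLS tried, bind continues if it fails
    return "cleartext"                       # password crosses the network unencrypted

# Constructed command lines; the DN and the -X form come from the post,
# ldap.example.com is a placeholder host.
DN = "uid=myuid,ou=People,dc=example,dc=com"
SAMPLES = [
    "ldapsearch -x",
    "ldapsearch -X u:myuid",
    f"ldapsearch -x -D {DN} -W",
    f"ldapsearch -x -Z -D {DN} -W",
    f"ldapsearch -x -ZZ -D {DN} -W",
    f"ldapsearch -x -H ldaps://ldap.example.com -D {DN} -W",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(f"{audit(cmd):13}  {cmd}")
```

Only the "protected" verdicts meet the stated goal of keeping the simple-bind password off the wire in the clear; "opportunistic" still allows a cleartext bind when StartTLS fails.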