[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS/SSL problems

I know about the "-x" option. But, once that happens, it looks like the passwords are sent in clear text. (I did some packet traces and that's what it looks like to me.)

I need to have passwords sent over an encrypted connection. "-x" doesn't give me that.

Thanx for the thought, though. :)

Quanah Gibson-Mount wrote:
--On Tuesday, May 22, 2007 6:36 PM -0700 Craig <craig5@pobox.com> wrote:

I am running openldap 2.2.13. I am having a problem getting TLS to work.
I have done numerous searches, but most web pages seem to deal with
LDAP/kerberos issues. We do not run kerberos. I am only trying to prevent
passwords from being sent in the clear.

I have followed the instructions on this page:


I am able to run ldapsearch with simple auth: > ldapsearch -x

but, am not able to do any of the following:
 > ldapsearch
 > ldapsearch -X u:myuid
 > ldapsearch -X dn:uid=myuid,ou=People,dc=example,dc=com

The error is (with "-d 255"):
SASL/GSSAPI authentication started

You need to use a lower case x to disable GSSAPI. i.e.,

ldapsearch -x <whatever>


Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration