
Re: Newbie question on client Auth and SSL





--On Friday, October 29, 2004 3:00 PM -0200 Bruno Di Rei Araujo <BrunoA@calu.com.br> wrote:

When I compile OpenLDAP with OpenSSL libraries present, does it enforce
SSL utilization from then on?

No. You can enforce the use of SSL via setting "ssf" factors in your ACLs however.


I'm experiencing the following: I've set up my server and have it working
fine. I can search (anonymous binding) and add entries using Manager
credentials. However, I can't search with a different binding, nor can I
authenticate using pam_auth (from Squid); that's the "only" application I
need working with ldap right now.  I issue the following:
(sorry for level -1 log, but I don't know which level would suffice)


You don't supply the commands you are using to try and bind via things other than Manager.


In fact, I don't know if I'm in front of two different problems or a single one, because of the bolded message in the log file (ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)).

Have you examined your ACLs? You can ignore the resource temporarily unavailable error.


As the remote message was about connection error to server, I thought it
could be related to SSL. But I've compiled OpenLDAP with SSL support
***just in case*** I'd need it in the future. So I didn't create or setup
OpenSSL server. Is it related to the problem? And another question: does anybody
know which log level I can use to debug those "authentication" problems?

Having compiled it against OpenSSL should have no bearing on whether or not you can authenticate.


--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
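
Added example, not part of the original message: a slapd.conf fragment showing how "ssf" factors in ACLs can require an encrypted connection, as the reply describes, together with a log level that records ACL decisions. The certificate paths are placeholders and the rule layout is an assumption for illustration, not the poster's actual configuration.

```conf
# slapd.conf fragment (constructed example; all paths are placeholders)

# Compiling against OpenSSL only makes TLS available. Clients can reach
# the ssf levels required below only once certificates are configured.
TLSCACertificateFile   /path/to/ca.pem
TLSCertificateFile     /path/to/slapd-cert.pem
TLSCertificateKeyFile  /path/to/slapd-key.pem

# Log ACL processing (128) plus connections, operations and results (256),
# instead of the full -1 trace.
loglevel 384

# ACL evaluation: the first "access to" clause matching the entry/attribute
# is used; inside it the first matching "by" wins, and anything not matched
# ends at an implicit "by * none".

# Password attribute: a non-Manager simple bind needs "anonymous auth" here,
# otherwise slapd cannot compare the supplied password and the bind fails.
# The ssf=128 qualifier makes the rule match only on connections protected
# with a security strength factor of at least 128.
access to attrs=userPassword
    by ssf=128 self write
    by ssf=128 anonymous auth
    by * none

# Everything else: authenticated users may read, but only over a protected
# connection. Cleartext and anonymous sessions get nothing.
access to *
    by ssf=128 users read
    by * none
```

With these rules, a bind or search attempted over an unencrypted connection is denied by the ACLs rather than by the TLS layer, and the ACL log lines show which "by" clause produced the result.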