
Re: ldap_sasl_interactive_bind_s: Confidentiality required (13)



You are right, I didn't pass -x and -W to ldapsearch/ldapwhoami since I thought it was going to use the root password I put in /etc/ldap.conf by default. The command I use is:

ldapsearch -x -W -b 'cn=lightportal'
Enter Password:  // I give no password, just press Enter

Then it prints out:
# extended LDIF
#
# LDAPv3
# base <dc=lightportal> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#


# search result
search: 2
result: 13 Confidentiality required
text: confidentiality required

# numResponses: 1

With the same command as above, but giving the root password which has been put in /etc/ldap.conf (encrypted), it yields the following error:

ldap_bind: Invalid credentials (49)

Trying with

ldapsearch -x -W -b "dc=lightportal" -D "cn=Manager,dc=lightportal"


also results in an error:

ldap_bind: Confidentiality required (13)
      additional info: confidentiality required

Why doesn't LDAP accept my password?
My /etc/ldap.conf is:

host 192.168.2.101
base dc=lightportal
rootbinddn cn=manager,dc=lightportal
nss_initgroups_ignoreusers root,ldap
ssl start_tls
ssl on
tls_cacertfile /etc/openldap/cacerts/slapd-cert.crt
tls_cacertdir /etc/openldap/cacerts
tls_ciphers HIGH
tls_cert /etc/openldap/cacerts/slapd-cert.crt
tls_key /etc/openldap/cacerts/slapd-key.pem
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
pam_password md5

And even if I can search without providing a password, the client cannot authenticate a user in the LDAP server.
Any suggestion?
Thank you very much for your help
Thai
TechnoSophos wrote:
Can you post your slapd.conf and the command line you are using with
ldapsearch or ldapwhoami?

You are probably just forgetting the '-x' flag when doing
ldapsearch/ldapwhoami. ldapsearch should be something like this:

$ ldapsearch -x -W -b "dc=example,dc=com" -D "cn=Manager,dc=example,dc=com"

On 8/31/06, Nhut Thai Le <nhut_le@alcor.concordia.ca> wrote:
Hi,
I am configuring the LDAP service for my network. On the server, slapcat
prints out the correct directories that have been added. However, on the
client, it doesn't seem that the client can connect to the server. Using
ldapwhoami or ldapsearch 'root' yields the following error:
ldap_sasl_interactive_bind_s: Confidentiality required (13)
Does anyone know what may go wrong?
Thanks in advance
Thai
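
Added example, not part of the original thread and not code from OpenLDAP or nss_ldap: a small Python check that reads the /etc/ldap.conf posted in the message above and reports directives that appear more than once, separating repeats with differing values (here ssl) from exact duplicates. The function names parse and lint are made up for this illustration, and it assumes the whitespace-separated "directive value" line format shown in the message.

```python
# Added example: lint an ldap.conf in "directive value" format for directives
# that are repeated, and tell conflicting repeats from harmless duplicates.
from collections import defaultdict

# The /etc/ldap.conf posted in the message above, copied verbatim.
POSTED_CONF = """\
host 192.168.2.101
base dc=lightportal
rootbinddn cn=manager,dc=lightportal
nss_initgroups_ignoreusers root,ldap
ssl start_tls
ssl on
tls_cacertfile /etc/openldap/cacerts/slapd-cert.crt
tls_cacertdir /etc/openldap/cacerts
tls_ciphers HIGH
tls_cert /etc/openldap/cacerts/slapd-cert.crt
tls_key /etc/openldap/cacerts/slapd-key.pem
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
pam_password md5
"""

def parse(text):
    """Return {directive: [(line_no, value), ...]}, skipping blanks and # comments."""
    seen = defaultdict(list)
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        seen[parts[0].lower()].append((no, parts[1].strip() if len(parts) > 1 else ""))
    return seen

def lint(text):
    """Return (conflicts, duplicates): repeats with differing vs. identical values."""
    conflicts, duplicates = {}, {}
    for key, entries in parse(text).items():
        if len(entries) < 2:
            continue
        values = {v for _, v in entries}
        (conflicts if len(values) > 1 else duplicates)[key] = entries
    return conflicts, duplicates

if __name__ == "__main__":
    conflicts, duplicates = lint(POSTED_CONF)
    for key, entries in conflicts.items():
        print(f"CONFLICT {key}: " + ", ".join(f"line {n}={v!r}" for n, v in entries))
    for key, entries in duplicates.items():
        print(f"DUPLICATE {key}: lines " + ", ".join(str(n) for n, _ in entries))
```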