
Re: TLS/SSL in OpenLDAP 2.0 gamma clients



At 01:16 PM 8/24/00 -0700, Art Corcoran wrote:
>Here are the details: 
>I'm using OpenLDAP 2.0 gamma on Solaris 2.7 built with "--with-tls" and OpenSSL 0.9.5.  I have an iPlanet LDAP server on Win2k with a cert installed.  I can ldapsearch it with SSL from the iPlanet client with no problems.  I can ldapsearch it from openldap without SSL.  When I try to ldapsearch it from openldap with SSL, the TLS never starts.

Do not confuse ldaps:// (LDAP over SSL) with LDAPv3's Start TLS.
Start TLS is the Standards Track LDAPv3 mechanism for initiating TLS (RFC2830).
ldaps:// is a vendor extension which is not documented in any RFC.

>Here is my search string: 
>        ldapsearch -d 255 -x -w secret -v -h iplanethost -p 636 -s base -b "" -ZZ "(objectclass=*)" 

Try (StartTLS)
        ldapsearch -h iplanethost -ZZ -x -s base -b ""

or (ldaps://):
        ldapsearch -h ldaps://iplanethost -x -s base -b ""

Kurt
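
Added example, not part of the original message or of OpenLDAP: a sketch of what each client mode sends first on a new connection, which shows why a Start TLS request (-ZZ) sent to a TLS-on-connect listener does not get TLS started. It assumes port 636 is an ldaps:// listener; the helper names are hypothetical and the ClientHello prefix is constructed sample data.

```python
# Added illustration, not from the original post. Helper names are
# hypothetical; the ClientHello prefix below is constructed sample data.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # Start TLS request name (RFC 2830)
CLIENT_HELLO_PREFIX = bytes.fromhex("1603010200")  # constructed TLS record header

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER TLV using a short-form length (enough for this PDU)."""
    if len(value) > 127:
        raise ValueError("short-form length only")
    return bytes([tag, len(value)]) + value

def starttls_request(msgid: int = 1) -> bytes:
    """LDAPMessage{ messageID, ExtendedRequest[APPLICATION 23]{ requestName[0] } }."""
    if not 0 < msgid < 128:
        raise ValueError("single-byte messageID only")
    ext = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, tlv(0x02, bytes([msgid])) + ext)

def first_bytes_kind(data: bytes) -> str:
    """Classify the first bytes seen on a fresh connection."""
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"    # TLS handshake record
    if data[:1] == b"\x30":
        return "ldap"   # BER SEQUENCE, i.e. a cleartext LDAPMessage
    return "unknown"

def client_opens_with(mode: str) -> bytes:
    """What each client mode puts on the wire first."""
    return {"starttls": starttls_request(), "ldaps": CLIENT_HELLO_PREFIX}[mode]

def check(listener: str, client_mode: str) -> str:
    """listener is 'ldap' (cleartext port) or 'ldaps' (TLS-on-connect port)."""
    expects = {"ldap": "ldap", "ldaps": "tls"}[listener]
    sent = first_bytes_kind(client_opens_with(client_mode))
    if sent == expects:
        return "ok"
    return f"mismatch: listener expects {expects}, client sent {sent}"

if __name__ == "__main__":
    print(starttls_request().hex())
    for listener, mode in [("ldap", "starttls"), ("ldaps", "ldaps"), ("ldaps", "starttls")]:
        print(f"{listener:5} listener, {mode:8} client -> {check(listener, mode)}")
```

The third case corresponds to combining -p 636 with -ZZ: the client opens with a cleartext LDAPMessage where the listener is waiting for a TLS handshake.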