
OpenLDAP 2.0.3 using TLS or ldaps with OpenSSL certificates



Hello all,

I am in the process of testing OpenLDAP 2.0.3 and the OpenSSL certificate stuff
and have run into a little problem.  I have created my OpenSSL certificates and
signed them.  Then, I proceeded to include the TLSCertificateFile,
TLSCertificateKeyFile, and TLSCACertificateFile lines in my slapd.conf file (the
key file is unencrypted).  Now, I start the slapd server and everything appears
normal, using the following command line:
     slapd -f <path-to-slapd.conf> -h "ldap://dbroady:3890 ldaps://dbroady:9909" -d 5

Now, I am wanting to use the ldapsearch utility that comes with OpenLDAP and
have it connect via ldaps (or TLS, it doesn't matter), before I start writing my
own software to use it.  I use the following command line for this:
     ldapsearch -H ldap://dbroady:9909 -b 'o=University of Michigan, c=US' 'cn=*'

and the error line I get returned is:
     ldap_sasl_interactive_bind_s:  Unknown authentication method

I turned on debug for the ldapsearch client and could see that it was getting
back:
     ldap_interactive_sasl_bind_s:  server supports:  PLAIN
     ldap_int_sasl_bind:  PLAIN
     ldap_perror
     ldap_sasl_interactive_bind_s:  Unknown authentication method

In my sasl plugins directory, I have the  libplain.so  file there and it should
pick it up.

Am I missing a command line argument to ldapsearch so that it can use TLS (or
ldaps) to connect to the slapd properly?  Any help would be greatly appreciated.

Thanks.

Darin Broady
dbroady@lexmark.com
Lexmark International, Inc.
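
Added example, not part of the original post: a shell preflight that compares an ldapsearch -H URI with the listener list given to slapd -h and reports when the client's scheme differs from the one the server bound on that host and port. The listener and client values are copied from the command lines in the post; the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example: check a client LDAP URI against slapd's -h listener list.

# Values copied from the slapd and ldapsearch command lines in the post.
LISTENERS="ldap://dbroady:3890 ldaps://dbroady:9909"
CLIENT_URI="ldap://dbroady:9909"

# Parse scheme://host[:port] into URI_SCHEME, URI_HOST and URI_PORT.
# Missing ports fall back to the scheme default. IPv6 literals are not handled.
parse_ldap_uri() {
    case $1 in *://*) ;; *) return 1 ;; esac
    URI_SCHEME=${1%%://*}
    _rest=${1#*://}
    _rest=${_rest%%/*}
    case $URI_SCHEME in
        ldap)  _default=389 ;;
        ldaps) _default=636 ;;
        *)     return 1 ;;
    esac
    URI_HOST=${_rest%%:*}
    if [ "$_rest" = "$URI_HOST" ]; then
        URI_PORT=$_default
    else
        URI_PORT=${_rest##*:}
    fi
}

# check_client_uri LISTENERS CLIENT_URI
# Prints ok, scheme-mismatch:<listener scheme>, no-listener, or bad-uri.
check_client_uri() {
    _listeners=$1
    parse_ldap_uri "$2" || { echo bad-uri; return 0; }
    _cs=$URI_SCHEME _ch=$URI_HOST _cp=$URI_PORT
    _verdict=no-listener
    for _l in $_listeners; do
        parse_ldap_uri "$_l" || continue
        # Only listeners on the same host and port are relevant.
        [ "$URI_HOST" = "$_ch" ] && [ "$URI_PORT" = "$_cp" ] || continue
        if [ "$URI_SCHEME" = "$_cs" ]; then echo ok; return 0; fi
        _verdict="scheme-mismatch:$URI_SCHEME"
    done
    echo "$_verdict"
}

check_client_uri "$LISTENERS" "$CLIENT_URI"
```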