[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_sasl_interactive_bind_s: Local error ???

To: zhfei@sdb.ac.cn
Subject: Re: ldap_sasl_interactive_bind_s: Local error ???
From: Tony Earnshaw <tonni@billy.demon.nl>
Date: 20 Nov 2002 13:20:02 +0100
Cc: "openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>
In-reply-to: <200211200821.QAA122900@ns2.sdb.ac.cn>
Organization:
References: <200211200821.QAA122900@ns2.sdb.ac.cn>

ons, 2002-11-20 kl. 09:20 skrev Zhang Fei:

> 8.Adding a line in "ldap.conf" as root:
> TLS_CACERT      		/usr/share/ssl/misc/demoCA/52026275.0

I have no idea about 2.0.x, all my experience is with 2.1.x (at present
2.1.8. However,Howard has said that 2.0 can use SSL/TLS, so I suppose it
can.

1: You seem to have previous experience with SSL. The fact that you are
using hashes of certs seem to infer that your experience was with
FreeS/WAN or Apache. Openldap 2.1 (at least) uses neither .der encoded
certificates nor hashes, but .pem encoded raw certs;

2: *Raw* Openldap SSL/TLS (TLS is different from SSL) does not use SASL,
which seems to be throwing you out (although SSL is refererred to as
SASL EXTERNAL). Not that SSL is not a valid SASL extra, it's just that
Openssl SASL is not necessary for Openldap SSL/TLS.

Best,

Tony

-- 

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl

Follow-Ups:
- Re: ldap_sasl_interactive_bind_s: Local error ???
  - From: Bill Dossett <bd@emtex.com>

References:
- ldap_sasl_interactive_bind_s: Local error ???
  - From: "Zhang Fei" <zhfei@sdb.ac.cn>

Prev by Date: access control with dn=*. gives bad performance
Next by Date: [Fwd: Re: basic sasl problem]
Index(es):
- Chronological
- Thread