[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Re: ldap_sasl_interactive_bind_s: Local error ???

To: "openldap-software@OpenLDAP.org" <openldap-software@OpenLDAP.org>
Subject: Re: Re: ldap_sasl_interactive_bind_s: Local error ???
From: "Zhang Fei" <zhfei@sdb.ac.cn>
Date: Wed, 20 Nov 2002 21:47:9 +0800
Organization: CNIC,CAS of CHINA

Tony Earnshaw,
	Thanks angain for your suggestions.
    
>1: You seem to have previous experience with SSL. The fact that you are
>using hashes of certs seem to infer that your experience was with
>FreeS/WAN or Apache. Openldap 2.1 (at least) uses neither .der encoded
>certificates nor hashes, but .pem encoded raw certs;

You are right.I misunderstood the configuration guide of OpenLDAP with TLS,
and I will correct it in my sldap.conf.


>2: *Raw* Openldap SSL/TLS (TLS is different from SSL) does not use SASL,
>which seems to be throwing you out (although SSL is refererred to as
>SASL EXTERNAL). Not that SSL is not a valid SASL extra, it's just that
>Openssl SASL is not necessary for Openldap SSL/TLS.
I'm confused with the command:
$ldapsearch localhost -b "o=MyTest,c=CN"  -s sub "(objectclass=*)" -x
 
 It returns correct results without inputting any password! 
 But "-x" option means it querys ldap server in Simple authentication.
 Any error in my understanding?

 ;-)

Zhang Fei
zhfei@sdb.ac.cn
2002-11-20

=============================
R&D of SDB Department
CNIC,CAS,Beijing of CHINA
100080

Prev by Date: Re: access control with dn=*. gives bad performance
Next by Date: Re: Re: ldap_sasl_interactive_bind_s: Local error ???
Index(es):
- Chronological
- Thread