
Problem with ldapsearch and TLS



Hi,

I am trying to get ldapsearch to work over TLS. I tried to use
TLS_REQCERT never
in /etc/ldap.conf to circumvent the problem of a self-signed certificate, but then I get this (ldapsearch -d 9 -Z):


ber_scanf fmt ([v]) ber:
ldap_msgfree
ldap_interactive_sasl_bind_s: server supports: GSSAPI PLAIN LOGIN DIGEST-MD5 CRAM-MD5
ldap_int_sasl_bind: GSSAPI PLAIN LOGIN DIGEST-MD5 CRAM-MD5
SASL/GSSAPI authentication started
ldap_perror
ldap_sasl_interactive_bind_s: Local error (82)
additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (No credentials cache found)


It looks like it's trying to use Kerberos authentication, which is not available. Is there a way to force ldapsearch to use TLS authentication?

Thanks,
Simon

P.S. I know that the right way to do it is to sign certificates properly, but I'd like to figure out what happens with TLS_REQCERT never.


--

Simon (Vsevolod ILyushchenko)   simonf@cshl.edu
				http://www.simonf.com

The unknown is honoured, the known is neglected -
                             until all is known.

              The Cú Chulaind myth