[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Problem with ldapsearch and TLS
- To: openldap-software@OpenLDAP.org
- Subject: Problem with ldapsearch and TLS
- From: "Vsevolod (Simon) Ilyushchenko" <simonf@cshl.edu>
- Date: Wed, 17 Mar 2004 20:54:40 -0500
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040113
Hi,
I am trying to get ldapseach to work over TLS. I tried to use
TLS_REQCERT never
in /etc/ldap.conf to circumvent the problem of self-signed certificate,
but then I get this (ldapsearch -d 9 -Z):
ber_scanf fmt ([v]) ber:
ldap_msgfree
ldap_interactive_sasl_bind_s: server supports: GSSAPI PLAIN LOGIN
DIGEST-MD5 CRAM-MD5
ldap_int_sasl_bind: GSSAPI PLAIN LOGIN DIGEST-MD5 CRAM-MD5
SASL/GSSAPI authentication started
ldap_perror
ldap_sasl_interactive_bind_s: Local error (82)
additional info: SASL(-1): generic failure: GSSAPI Error:
Miscellaneous failure (No credentials cache found)
It looks like it's trying to use Kerberos authentication, which is not
available. Is there a way to force ldapsearch to use TLS authentication?
Thanks,
Simon
P.S. I know that the right way to do it is to sign certificates
properly, but I'd like to figure out what happens with TLS_REQCERT never.
--
Simon (Vsevolod ILyushchenko) simonf@cshl.edu
http://www.simonf.com
The unknown is honoured, the known is neglected -
until all is known.
The Cú Chulaind myth