
Re: TLS: hostname does not match CN in peer certificate



On Tuesday 25 October 2005 13:03, John Manning wrote:
> Quanah Gibson-Mount <quanah@stanford.edu> wrote:
> >>$ ldapsearch -v -D "cn=someuser, o=users" -H ldaps://foo.bar.tld:636 -ZZ
> >>ldap_initialize( ldaps://foo.bar.tld:636 )
> >>ldap_start_tls: Operations error (1)
> >>         additional info: TLS is is already established
> >
> >You don't need -ZZ if you are using an LDAPS URL, as the LDAPS URL
> >indicates you want SSL encryption.
>
> Thanks Quanah. Apologies for not being totally clear in the previous. I had
> spotted the redundancy between the "ldaps" scheme and the -ZZ option and
> tried it without the -ZZ option. But I got:
>
> $ ldapsearch -v -D "cn=someuser, o=users" -H ldaps://foo.bar.tld:636
> ldap_initialize( ldaps://foo.bar.tld:636 )
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>         additional info: SASL(-4): no mechanism available:

I don't think you were using SASL before (whereas Quanah always does ;-)), so 
you still need the -x flag.

Regards,
Buchan
-- 
Buchan Milne
ISP Systems Specialist
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
