
Re: [ldapsearch -H ldaps:// -d 255] is not working



louis gonzales wrote:
> Does:    netstat -an | grep 636
> show that LDAPS is indeed LISTEN'ing?
Here is the output of "netstat -an | grep 636":

tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN
tcp        0      0 :::636                  :::*                    LISTEN


>
> JOYDEEP wrote:
>
>> Greg Martin wrote:
>>  
>>
>>> if you run ldapsearch with the -x switch you can use simple auth
>>> with -D logindn  -w loginpassword
>>>
>>>   
>> Thanks Greg for your response, but [-x] actually disables the SSL and I
>> want to implement it for security reasons.
>>  
>>
>>> \\Greg
>>>
>>> JOYDEEP wrote:
>>>   
>>>> Dear list,
>>>>
>>>> I am using openldap2-2.3.19-18 under SUSE 10.1 and it is working fine at
>>>> port 389 (ldap://).
>>>> Now, to secure it with SSL, I first generated a certificate with the
>>>> Ca.sh script that comes with Linux.
>>>>
>>>> Then I modified my /etc/openldap/slapd.conf as
>>>> =========================================
>>>> TLSCipherSuite HIGH:MEDIUM:+SSLv2
>>>> TLSCertificateFile            /etc/openldap/myca/servercert.pem
>>>> TLSCertificateKeyFile        /etc/openldap/myca/serverkey.pem
>>>> TLSCACertificateFile         /etc/openldap/myca/cacert.pem
>>>> TLSVerifyClient never
>>>> =========================================
>>>>
>>>> I also modified /etc/openldap/ldap.conf  as
>>>> =================================
>>>> HOST 127.0.0.1:636
>>>> BASE    ou=Users,dc=kolkatainfoservices,dc=in
>>>> TLS_CACERT /etc/openldap/myca/cacert.pem
>>>> =================================
>>>>
>>>> Now when I execute *ldapsearch -H ldaps:// -d 255* it asks for
>>>> ======================
>>>> ldap_msgfree
>>>> sasl_client_step: 2
>>>> Please enter your password:
>>>> ======================
>>>> after giving the manager password which is seceret it reports
>>>> ==========================
>>>> ldap_msgfree
>>>> ldap_perror
>>>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>>>>        additional info: SASL(-13): user not found: no secret in database
>>>> ============================================
>>>>
>>>> Could anyone suggest what I am missing here?
>>>> Thanks.
>>>>
>>>>
>>>>
>>>>  
>>>>     
>>>   
>
>