I am running openldap 2.2.13. I am having a problem getting TLS to
work. I have done numerous searches, but most web pages seem to deal
with LDAP/kerberos issues. We do not run kerberos. I am only trying to
prevent passwords from being sent in the clear.
I have followed the instructions on this page:
http://www.ibm.com/developerworks/linux/library/l-openldap/
I am able to run ldapsearch with simple auth:
> ldapsearch -x
but, am not able to do any of the following:
> ldapsearch
> ldapsearch -X u:myuid
> ldapsearch -X dn:uid=myuid,ou=People,dc=example,dc=com
The error is (with "-d 255"):
...
SASL/GSSAPI authentication started
ldap_perror
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error:
Miscellaneous failure (No credentials cache found)
It looks like the server is running fine. But, the logs don't really
indicate what the problem is. (It seems to be more of a client issue,
but still the server should give some hint in the logs.)
If you need more debugging info, just let me know.
Any help would be greatly appreciated.
TIA
Craig