Re: connection problem with ldapmodify -Y EXTERNAL -H ldapi:///

[Dan White <dwhite@olp.net>]

On 03/10/11 17:43 +0200, Andreas Rudat wrote:
> Am 03.10.2011 16:43, schrieb Dan White:
> > On 03/10/11 16:27 +0200, Andreas Rudat wrote:
> > > *ldapmodify -Y EXTERNAL -H ldapi:///*
> > >
> > > SASL/EXTERNAL authentication started
> > > SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
> > > SASL SSF: 0
> >
> > The output indicates that you successfully authenticated your connection
> > to the server. ldapmodify is waiting for you to tell it something to do
> > (from standard input).
>
> Ah ok, then I missunderstood the tutorial I read.
>
> I'm trying to get sasl+tls running, but I have still some problems.
> ldapsearch -x -LLL -s base -b "" supportedSASLMechanisms
>
> says
> supportedSASLMechanisms: CRAM-MD5
> supportedSASLMechanisms: DIGEST-MD5
> supportedSASLMechanisms: NTLM
>
> so tls issn't allowed in my configuration? I added tls on ldap.conf 
> and /etc/default/slapd
>
> Debug says:
> TLS: can't connect: A TLS packet with unexpected length was received..

What are the contents of your ldap.conf, and your /etc/default/slapd?

What is your TLS configuration on the server? In particular, your
TLSVerifyClient/olcTLSVerifyClient setting (which should be something other
than the default).

--
Dan White