
RE: ldapsearch utility





--On Tuesday, December 31, 2019 10:44 AM -0500 Peter Sui <peters@qnext.com> wrote:

> if I run:
> ldapsearch -h ldap.forumsys.com -p 636 -b "" -s base "(objectClass=*)" -D
> "cn=read-only-admin,dc=example,dc=com"  -w password -Z

It is not valid to combine startTLS with port 636. Also, you should update your options to match modern standards.


Example against ldaps:///

ldapsearch -H ldaps://ldap.forumsys.com:636

as opposed to

ldapsearch -h ldap.forumsys.com -p 636

Example against ldap:///

ldapsearch -H ldap://ldap.forumsys.com:389

as opposed to

ldapsearch -h ldap.forumsys.com -p 389


I would note that the -Z(Z) options are for startTLS (generally against port 389). It is not valid to mix startTLS with ldaps:// URIs. You've not provided any useful information about your setup, so it's not possible to give you much help past that.

As for your SASL question, as documented in the ldapsearch man page, you provide the SASL Mech as a parameter to the -Y option. For example:

ldapsearch -Y GSSAPI -H ldap://ldap.forumsys.com:389

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
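
Added example, not part of the original message and not OpenLDAP code: a small shell linter for an ldapsearch argument list that flags the two issues raised above (legacy -h/-p instead of -H, and -Z/-ZZ combined with ldaps:// or port 636). The function names, the return codes and the rule that port 636 means LDAPS are assumptions of this example; it never contacts a server.

```shell
#!/bin/sh
# Added example: lint an ldapsearch command line offline.
# Assumption: port 636 is LDAPS, as in the message above.

# suggest_uri HOST PORT -> prints the -H URI equivalent of legacy -h/-p.
# HOST is left as the placeholder "HOST" when -h was not given.
suggest_uri() {
    s_scheme=ldap
    [ "${2-}" = 636 ] && s_scheme=ldaps
    printf '%s://%s%s\n' "$s_scheme" "${1:-HOST}" "${2:+:$2}"
}

# lint_ldapsearch ARGS... -> one finding per line on stdout.
# Returns 0 if clean, 1 if only -h/-p is used, 2 if StartTLS meets LDAPS.
lint_ldapsearch() {
    l_host='' l_port='' l_uri='' l_tls=0 l_rc=0
    while [ $# -gt 0 ]; do
        l_opt=$1; shift
        case "$l_opt" in
            -h) l_host=${1-} ;;
            -p) l_port=${1-} ;;
            -H) l_uri=${1-} ;;
            -Z|-ZZ) l_tls=1; continue ;;
            -[bsDwyYfdalzPeEoORUXSFT]) ;;  # other options that take a value
            *) continue ;;                 # flags, filter, attribute names
        esac
        shift $(( $# > 0 ))  # consume the value so "-w -Z" is not read as -Z
    done
    case "$l_uri" in ldaps://*) l_ldaps=1 ;; *) l_ldaps=0 ;; esac
    [ "$l_port" = 636 ] && l_ldaps=1
    if [ -n "$l_host$l_port" ]; then
        echo "deprecated: -h/-p; use -H $(suggest_uri "$l_host" "$l_port")"
        l_rc=1
    fi
    if [ "$l_tls" = 1 ] && [ "$l_ldaps" = 1 ]; then
        echo "invalid: StartTLS (-Z/-ZZ) combined with LDAPS; drop -Z, or use ldap:// (generally port 389)"
        l_rc=2
    fi
    return "$l_rc"
}

# Stand-alone use: sh lint.sh -h ldap.forumsys.com -p 636 -Z
[ $# -eq 0 ] || lint_ldapsearch "$@"
```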