[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: ldapsearch utility

To: Peter Sui <peters@qnext.com>, openldap-technical@openldap.org
Subject: RE: ldapsearch utility
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Mon, 06 Jan 2020 17:17:12 -0800
Content-disposition: inline
Dkim-filter: OpenDKIM Filter v2.10.3 zmcc-2-mta-1.zmailcloud.com 23CD2CEFFB
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=symas.com; s=37C7994C-28CA-11EA-A30F-68F90BB9D764; t=1578359832; bh=6aIbAGsGkGvYStEmVBmtoeQzjnDhtj+CQY0RWAI/d1Q=; h=Date:From:To:Message-ID:MIME-Version; b=ITk3n1PnACH+BGx1LYgb/3MqnrKCWbquQLjMZRiZcYxW6vhgHIumEJbKaz8OfdMWQ vtvSA+nGq6J8teynb2TdTix8q57kjPcbCevq/IJchHYclu993bS2V0mCzNHEQME9Fd 1oC/0lZmGGbunLbJDP9kZI2CvzePVW0wYHBQ+ihX7Mmmupe2G/7mkU7qhxsVgGMFL3 Akb8fVhmjn+nfp+o9xpvOvJYSrxfs09el5mnzpZ3Njcj41B66ShuYt/PKKnl2LNiv0 HJYZ1spfmdrlabr8UdjyIuBmkSpkkCzW2r3l3ZMMJY6zsMb25SHEXQXehUCD0kdKkK 8iyK54+htz3vA==
In-reply-to: <CAKVbK+oH3Pvmg7aO3Th_Di5xgb6dOB2yxwtj6AoWZsEOTQ6KMQ@mail.gmail.com>
References: <CAKVbK+oH3Pvmg7aO3Th_Di5xgb6dOB2yxwtj6AoWZsEOTQ6KMQ@mail.gmail.com>

--On Tuesday, December 31, 2019 10:44 AM -0500 Peter Sui <peters@qnext.com>wrote:

if I run:
ldapsearch -h ldap.forumsys.com -p 636 -b "" -s base "(objectClass=*)" -D
"cn=read-only-admin,dc=example,dc=com"  -w password -Z

It is not valid to combine startTLS with port 636. Also, you should updateyour options to match modern standards.



Example against ldaps:///

ldapsearch -H ldaps://ldap.forumsys.com:636

as opposed to

ldapsearch -h ldap.forumsys.com -p 636

Example against ldap:///

ldapsearch -H ldap://ldap.forumsys.com:389

as opposed to

ldapsearch -h ldap.forumsys.com -p 389

I would note that the -Z(Z) options are for startTLS (generally againstport 389). It is not valid to mix startTLS with ldaps:// URIs. You've notprovided any useful information about your setup, so it's not possible togive you much help past that.

As for your SASL question, as documented in the ldapsearch man page, youprovide the SASL Mech as a parameter to the -Y option. For example:


ldapsearch -Y GSSAPI -H ldap://ldap.forumsys.com:389

Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- RE: ldapsearch utility
  - From: Peter Sui <peters@qnext.com>

Prev by Date: Re: please repost link to question "How to build OpenLDAP against specific OpenSSL install"
Next by Date: Re: Replication of olcAccess
Index(es):
- Chronological
- Thread