[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: ldapsearch utility
- To: Peter Sui <peters@qnext.com>, openldap-technical@openldap.org
- Subject: RE: ldapsearch utility
- From: Quanah Gibson-Mount <quanah@symas.com>
- Date: Mon, 06 Jan 2020 17:17:12 -0800
- Content-disposition: inline
- Dkim-filter: OpenDKIM Filter v2.10.3 zmcc-2-mta-1.zmailcloud.com 23CD2CEFFB
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=symas.com; s=37C7994C-28CA-11EA-A30F-68F90BB9D764; t=1578359832; bh=6aIbAGsGkGvYStEmVBmtoeQzjnDhtj+CQY0RWAI/d1Q=; h=Date:From:To:Message-ID:MIME-Version; b=ITk3n1PnACH+BGx1LYgb/3MqnrKCWbquQLjMZRiZcYxW6vhgHIumEJbKaz8OfdMWQ vtvSA+nGq6J8teynb2TdTix8q57kjPcbCevq/IJchHYclu993bS2V0mCzNHEQME9Fd 1oC/0lZmGGbunLbJDP9kZI2CvzePVW0wYHBQ+ihX7Mmmupe2G/7mkU7qhxsVgGMFL3 Akb8fVhmjn+nfp+o9xpvOvJYSrxfs09el5mnzpZ3Njcj41B66ShuYt/PKKnl2LNiv0 HJYZ1spfmdrlabr8UdjyIuBmkSpkkCzW2r3l3ZMMJY6zsMb25SHEXQXehUCD0kdKkK 8iyK54+htz3vA==
- In-reply-to: <CAKVbK+oH3Pvmg7aO3Th_Di5xgb6dOB2yxwtj6AoWZsEOTQ6KMQ@mail.gmail.com>
- References: <CAKVbK+oH3Pvmg7aO3Th_Di5xgb6dOB2yxwtj6AoWZsEOTQ6KMQ@mail.gmail.com>
--On Tuesday, December 31, 2019 10:44 AM -0500 Peter Sui <peters@qnext.com>
wrote:
if I run:
ldapsearch -h ldap.forumsys.com -p 636 -b "" -s base "(objectClass=*)" -D
"cn=read-only-admin,dc=example,dc=com" -w password -Z
It is not valid to combine startTLS with port 636. Also, you should update
your options to match modern standards.
Example against ldaps:///
ldapsearch -H ldaps://ldap.forumsys.com:636
as opposed to
ldapsearch -h ldap.forumsys.com -p 636
Example against ldap:///
ldapsearch -H ldap://ldap.forumsys.com:389
as opposed to
ldapsearch -h ldap.forumsys.com -p 389
I would note that the -Z(Z) options are for startTLS (generally against
port 389). It is not valid to mix startTLS with ldaps:// URIs. You've not
provided any useful information about your setup, so it's not possible to
give you much help past that.
As for your SASL question, as documented in the ldapsearch man page, you
provide the SASL Mech as a parameter to the -Y option. For example:
ldapsearch -Y GSSAPI -H ldap://ldap.forumsys.com:389
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>