louis gonzales wrote:
Does: netstat -an | grep 636 show that LDAPS is indeed LISTEN'ing?
here is the output of "netstat -an | grep 636"
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN tcp 0 0 :::636 :::* LISTEN
JOYDEEP wrote:
Greg Martin wrote:
if you run ldapsearch with the -x switch it you can use simple auth with -D logindn -w loginpassword
Thanks Greg for your response but [-x] actually disable the ssl and I want to implement it for security reason.
\Greg
JOYDEEP wrote:
Dear list,
I am using openldap2-2.3.19-18 under suse 10.1 and it is wotking fine at port 389 ( ldap://) Now to secure it with ssl, I have first generated a certificate with Ca.sh script comes with linux.
then I have modified my /etc/openldap/slapd.conf as
TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCertificateFile /etc/openldap/myca/servercert.pem TLSCertificateKeyFile /etc/openldap/myca/serverkey.pem TLSCACertificateFile /etc/openldap/myca/cacert.pem TLSVerifyClient never =========================================
I also modified /etc/openldap/ldap.conf as
HOST 127.0.0.1:636 BASE ou=Users,dc=kolkatainfoservices,dc=in TLS_CACERT /etc/openldap/myca/cacert.pem =================================
now when I execute *ldapsearch -H ldaps:// -d 255* it asks for
ldap_msgfree sasl_client_step: 2 Please enter your password: ====================== after giving the manager password which is seceret it reports ========================== ldap_msgfree ldap_perror ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-13): user not found: no secret in database ============================================
could any one suggest what am I missing here ? thanks.