I know about the "-x" option. But, once that happens, it looks like the passwords are sent in clear text. (I did some packet traces and that's what it looks like to me.)
I need to have passwords sent over an encrypted connection. "-x" doesn't give me that.
Thanx for the thought, though. :)
Quanah Gibson-Mount wrote:
--On Tuesday, May 22, 2007 6:36 PM -0700 Craig craig5@pobox.com wrote:
I am running openldap 2.2.13. I am having a problem getting TLS to work. I have done numerous searches, but most web pages seem to deal with LDAP/kerberos issues. We do not run kerberos. I am only trying to prevent passwords from being sent in the clear.
I have followed the instructions on this page:
http://www.ibm.com/developerworks/linux/library/l-openldap/
I am able to run ldapsearch with simple auth:
ldapsearch -x
but, am not able to do any of the following:
ldapsearch ldapsearch -X u:myuid ldapsearch -X dn:uid=myuid,ou=People,dc=example,dc=com
The error is (with "-d 255"): ... SASL/GSSAPI authentication started
You need to use a lower case x to disable GSSAPI. i.e.,
ldapsearch -x <whatever>
--Quanah
-- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc
Zimbra :: the leader in open source messaging and collaboration