in your slapd.conf do you have a rootpw entry? Also, you're using SASL for authentication - I'm sorry for stating the otherwise obvious, and don't mean to insult your intelligence, but I should make a point here, that sometimes confuses people... SASL != SSL ;)
That said, what is your entire ldapsearch command string? It should probably, have the -w rootpw_entry_from_slapd_conf_here switch.
Post the entire command string - without the rootpw, unless you don't care that we all see it.
JOYDEEP wrote:
louis gonzales wrote:
Does: netstat -an | grep 636 show that LDAPS is indeed LISTEN'ing?
here is the output of "netstat -an | grep 636"
tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN tcp 0 0 :::636 :::* LISTEN
JOYDEEP wrote:
Greg Martin wrote:
if you run ldapsearch with the -x switch it you can use simple auth with -D logindn -w loginpassword
Thanks Greg for your response but [-x] actually disable the ssl and I want to implement it for security reason.
\Greg
JOYDEEP wrote:
Dear list,
I am using openldap2-2.3.19-18 under suse 10.1 and it is wotking fine at port 389 ( ldap://) Now to secure it with ssl, I have first generated a certificate with Ca.sh script comes with linux.
then I have modified my /etc/openldap/slapd.conf as
TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCertificateFile /etc/openldap/myca/servercert.pem TLSCertificateKeyFile /etc/openldap/myca/serverkey.pem TLSCACertificateFile /etc/openldap/myca/cacert.pem TLSVerifyClient never =========================================
I also modified /etc/openldap/ldap.conf as
HOST 127.0.0.1:636 BASE ou=Users,dc=kolkatainfoservices,dc=in TLS_CACERT /etc/openldap/myca/cacert.pem =================================
now when I execute *ldapsearch -H ldaps:// -d 255* it asks for
ldap_msgfree sasl_client_step: 2 Please enter your password: ====================== after giving the manager password which is seceret it reports ========================== ldap_msgfree ldap_perror ldap_sasl_interactive_bind_s: Invalid credentials (49) additional info: SASL(-13): user not found: no secret in database ============================================
could any one suggest what am I missing here ? thanks.