Dear list,
I am using openldap2-2.3.19-18 under SUSE 10.1 and it is working fine at port 389 (ldap://). Now to secure it with SSL, I have first generated a certificate with the CA.sh script that comes with Linux.
Then I have modified my /etc/openldap/slapd.conf as
=========================================
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/openldap/myca/servercert.pem
TLSCertificateKeyFile /etc/openldap/myca/serverkey.pem
TLSCACertificateFile /etc/openldap/myca/cacert.pem
TLSVerifyClient never
=========================================
I also modified /etc/openldap/ldap.conf as
=================================
HOST 127.0.0.1:636
BASE ou=Users,dc=kolkatainfoservices,dc=in
TLS_CACERT /etc/openldap/myca/cacert.pem
=================================
Now when I execute *ldapsearch -H ldaps:// -d 255* it asks for
======================
ldap_msgfree
sasl_client_step: 2
Please enter your password:
======================
After giving the manager password, which is seceret, it reports
==========================
ldap_msgfree
ldap_perror
ldap_sasl_interactive_bind_s: Invalid credentials (49)
        additional info: SASL(-13): user not found: no secret in database
============================================
Could anyone suggest what I am missing here? Thanks.
If you run ldapsearch with the -x switch you can use simple auth with -D logindn -w loginpassword.
\Greg
Greg Martin wrote:
if you run ldapsearch with the -x switch it you can use simple auth with -D logindn -w loginpassword
Thanks Greg for your response, but [-x] actually disables the SSL and I want to implement it for security reasons.
Try: ldapsearch -H ldaps://yourHostname:yourPortNumber -d ... rest of your arguments.
Does: netstat -an | grep 636 show that LDAPS is indeed LISTEN'ing?
louis gonzales wrote:
Does: netstat -an | grep 636 show that LDAPS is indeed LISTEN'ing?
Here is the output of "netstat -an | grep 636":
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN
tcp        0      0 :::636                  :::*                    LISTEN
In your slapd.conf, do you have a rootpw entry? Also, you're using SASL for authentication - I'm sorry for stating the otherwise obvious, and don't mean to insult your intelligence, but I should make a point here that sometimes confuses people... SASL != SSL ;)
That said, what is your entire ldapsearch command string? It should probably have the -w rootpw_entry_from_slapd_conf_here switch.
Post the entire command string - without the rootpw, unless you don't care that we all see it.
JOYDEEP wrote, on 12. mar 2007 05:44:
Greg Martin wrote:
if you run ldapsearch with the -x switch it you can use simple auth with -D logindn -w loginpassword
Thanks Greg for your response but [-x] actually disable the ssl and I want to implement it for security reason.
\Greg
No it doesn't; my sites use -x with SSL for some connections (I try to use SASL where possible, but under-sysadmins don't always understand it).
--Tonni
[...]
Thanks Tony for pointing it out. I have also checked the man page and it says that it disables SASL only. Thanks.
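Two stdlib-only checks, added here as an example and not part of the thread or of OpenLDAP itself: a lint of the slapd.conf / ldap.conf TLS directives JOYDEEP posted (it flags a cipher string that does not exclude SSLv2-era suites with !SSLv2, the deprecated HOST directive, and a client TLS_REQCERT that would skip server certificate checks), and a classifier that shows what the thread concluded, namely that -x only switches the bind from SASL to simple while ldaps:// or -Z/-ZZ decides the transport. The finding codes and the Manager DN used in testing are assumptions.

```python
# Constructed inline from the server and client settings posted in the thread.
SLAPD_CONF = """
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/openldap/myca/servercert.pem
TLSCertificateKeyFile /etc/openldap/myca/serverkey.pem
TLSCACertificateFile /etc/openldap/myca/cacert.pem
TLSVerifyClient never
"""
LDAP_CONF = """
HOST 127.0.0.1:636
BASE ou=Users,dc=kolkatainfoservices,dc=in
TLS_CACERT /etc/openldap/myca/cacert.pem
"""


def parse_directives(text):
    """Return {DIRECTIVE: value}; keys upper-cased, as both files are case-insensitive."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            out[key.upper()] = value.strip()
    return out


def lint_tls(slapd_text, ldap_text):
    """Return a list of finding codes (assumed names) for the server/client TLS config."""
    srv, cli = parse_directives(slapd_text), parse_directives(ldap_text)
    findings = []
    # OpenSSL cipher strings: SSLv2-era suites stay eligible unless excluded with !SSLv2.
    if "!SSLv2" not in srv.get("TLSCIPHERSUITE", ""):
        findings.append("sslv2-ciphers-not-excluded")
    if "HOST" in cli and "URI" not in cli:
        findings.append("host-deprecated-use-uri")  # ldap.conf(5): HOST is deprecated
    # Client default is 'demand'; 'never'/'allow' would accept an unverified server cert.
    if cli.get("TLS_REQCERT", "demand").lower() in ("never", "allow"):
        findings.append("client-skips-server-cert-check")
    return findings


def bind_mode(argv):
    """Classify an ldapsearch command line as (auth, transport): -x only switches
    SASL to simple bind; the transport comes from the URI scheme or -Z/-ZZ (StartTLS)."""
    auth = "simple" if "-x" in argv else "sasl"
    transport = "plain"
    for i, arg in enumerate(argv):
        if arg in ("-Z", "-ZZ"):
            transport = "starttls"
        elif arg == "-H" and i + 1 < len(argv) and argv[i + 1].startswith("ldaps://"):
            transport = "ldaps"
    return auth, transport
```

Running lint_tls on the posted files reports the SSLv2 and HOST findings; bind_mode on the posted command shows why the server answered with a SASL error even though the transport was already LDAPS.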
--On Friday, March 09, 2007 11:42 AM +0530 JOYDEEP j.bakshi@unlimitedmail.org wrote:
The -x flag to ldapsearch?
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
openldap-software@openldap.org