Before I post all the config files, I thought I'd start by showing the output of some commands.
I put a slappasswd password in the slapd.conf file. When prompted for this password, I've entered the correct password, the incorrect password, and no password by just pressing return. In these cases, with -x, the 'ldap_bind: Confidentiality required (13)' message appears.
Without -x, the 'ldap_sasl_interactive_bind_s: Confidentiality required (13)' message appears.
I've thought of a few things I could try, but thought I'd ask if anyone might have any suggestions first about why these 'Confidentiality required (13)' messages appear, and how to fix it.
Thanks very much in advance
[dir ~]# ldapsearch -x -b 'dc=mydomainname,dc=name,dc=example,dc=com' '(objectClass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=mydomainname,dc=name,dc=example,dc=com> with scope subtree
# filter: (objectClass=*)
# requesting: ALL
#

# search result
search: 2
result: 13 Confidentiality required
text: confidentiality required

# numResponses: 1
[dir ~]#

[dir ~]# ldapsearch -b 'dc=mydomainname,dc=name,dc=example,dc=com' '(objectClass=*)'
ldap_sasl_interactive_bind_s: Confidentiality required (13)
        additional info: confidentiality required
[dir ~]#

[dir ~]# cat ldap_test_add_file
dn: dc=mydomainname,dc=name,dc=example,dc=com
dc: mydomainname
objectClass: top
objectClass: domain
[dir ~]#

[dir ~]# /usr/bin/ldapadd -h myserver \
    -D "cn=manager,dc=mydomainname,dc=name,dc=example,dc=com" \
    -x -W -f ldap_test_add_file
Enter LDAP Password: CORRECT pw given
ldap_bind: Confidentiality required (13)
        additional info: confidentiality required
[dir ~]#

[dir ~]# /usr/bin/ldapadd -h myserver \
    -D "cn=manager,dc=mydomainname,dc=name,dc=example,dc=com" \
    -x -W -f ldap_test_add_file
Enter LDAP Password: INCORRECT pw given
ldap_bind: Confidentiality required (13)
        additional info: confidentiality required
[dir ~]#

[dir ~]# /usr/bin/ldapadd -h myserver \
    -D "cn=manager,dc=mydomainname,dc=name,dc=example,dc=com" \
    -x -W -f ldap_test_add_file
Enter LDAP Password: NO pw given, just pressed return
ldap_bind: Server is unwilling to perform (53)
        additional info: unauthenticated bind (DN with no password) disallowed
[dir ~]#

[dir ~]# /usr/bin/ldapadd -h myserver \
    -D "cn=manager,dc=mydomainname,dc=name,dc=example,dc=com" \
    -W -f ldap_test_add_file
Enter LDAP Password: CORRECT pw given
ldap_sasl_interactive_bind_s: Confidentiality required (13)
        additional info: confidentiality required
[dir ~]#

[dir ~]# /usr/bin/ldapadd -h myserver \
    -D "cn=manager,dc=mydomainname,dc=name,dc=example,dc=com" \
    -W -f ldap_test_add_file
Enter LDAP Password: INCORRECT pw given
ldap_sasl_interactive_bind_s: Confidentiality required (13)
        additional info: confidentiality required
[dir ~]#

[dir ~]# /usr/bin/ldapadd -h myserver \
    -D "cn=manager,dc=mydomainname,dc=name,dc=example,dc=com" \
    -W -f ldap_test_add_file
Enter LDAP Password: NO pw given, just pressed return
ldap_sasl_interactive_bind_s: Confidentiality required (13)
        additional info: confidentiality required
[dir ~]#
Normally the error message in your subject is as a result of the server requiring encryption of some kind. For example, you might have set:
security tls=1
or similar, in which case you need to use ldaps:// or start_tls (-Z):
[bgmilne@comanche ~]$ ldapsearch -x -LLL "(uid=bgmilne)" 1.1
ldap_bind: Confidentiality required (13)
        additional info: TLS confidentiality required
[bgmilne@comanche ~]$ ldapsearch -Z -x -LLL "(uid=bgmilne)" 1.1
dn: uid=bgmilne,ou=People,dc=ranger,dc=dnsalias,dc=com
Regards, Buchan
The following is from the slapd.conf:
security ssf=1 update_ssf=112 simple_bind=64
If I use -ZZ or ldaps: in the ldapadd command, I see messages that say hostname does not match CN in peer certificate.
Thanks
Richard Smith wrote:
> The following is from the slapd.conf:
> security ssf=1 update_ssf=112 simple_bind=64
> If I use -ZZ or ldaps: in the ldapadd command, I see messages that say hostname does not match CN in peer certificate.
Well that's a pretty clear message.
Did you specify a -H ldap://blah.example.com which matches the CN in the peer certificate?
Thanks
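To tie Buchan's explanation (the `security` directive forces TLS, so the client needs `-Z`/`-ZZ` or `ldaps://`) to the second error in the thread (the `-H` hostname not matching the certificate CN), here is a small POSIX shell helper. It is an added example, not code from the thread or from OpenLDAP: it parses a `security` line like Richard's, reports the minimum SSF each class of operation needs, predicts whether a client transport of a given SSF will be answered with "Confidentiality required (13)", and checks a hostname against a certificate CN the way a client would before trusting the peer. The directive, host names and SSF values below are constructed inputs; the SSF numbers are the usual slapd convention (0 for plain `ldap://`, the cipher's key strength once TLS is up).

```shell
#!/bin/sh
# Added example (not from the thread). Interprets a slapd.conf "security"
# directive and the "hostname does not match CN" failure.

# Constructed copy of the directive posted in the thread.
SECURITY_LINE='security ssf=1 update_ssf=112 simple_bind=64'

# Print the value of one key (ssf, update_ssf, simple_bind, tls, ...) from a
# "security ..." directive; prints 0 when the key is absent.
security_value() {
    line=$1; key=$2
    for kv in ${line#security}; do
        case $kv in
            "$key"=*) echo "${kv#*=}"; return 0 ;;
        esac
    done
    echo 0
}

# Minimum SSF the server demands for an operation class. "ssf" is the floor
# for every operation (so even a search fails without TLS); "simple_bind"
# and "update_ssf" raise that floor for simple binds and for updates.
required_ssf() {
    line=$1; op=$2
    base=$(security_value "$line" ssf)
    case $op in
        simple_bind) extra=$(security_value "$line" simple_bind) ;;
        update)      extra=$(security_value "$line" update_ssf) ;;
        *)           extra=0 ;;
    esac
    if [ "$extra" -gt "$base" ]; then echo "$extra"; else echo "$base"; fi
}

# True when a client whose transport provides $3 bits of SSF may perform $2.
# Plain ldap:// gives 0; TLS gives the negotiated cipher strength
# (e.g. 112 for 3DES, 128 for AES-128).
confidentiality_ok() {
    line=$1; op=$2; client_ssf=$3
    [ "$client_ssf" -ge "$(required_ssf "$line" "$op")" ]
}

# What the client has to change to stop getting result 13.
advise() {
    line=$1; op=$2; client_ssf=$3
    if confidentiality_ok "$line" "$op" "$client_ssf"; then
        echo "ok"
    else
        echo "need TLS with SSF >= $(required_ssf "$line" "$op"): use -ZZ or -H ldaps://host"
    fi
}

# Hostname versus certificate CN: exact match or a single-label wildcard
# such as *.example.com, compared case-insensitively. A bare short name
# ("myserver") never matches a CN carrying the full domain.
hostname_matches_cn() {
    host=$(echo "$1" | tr 'A-Z' 'a-z'); cn=$(echo "$2" | tr 'A-Z' 'a-z')
    case $cn in
        \*.*) [ "${host#*.}" = "${cn#\*.}" ] ;;
        *)    [ "$host" = "$cn" ] ;;
    esac
}

# Walk the thread's three operations over plain ldap:// (SSF 0) and then
# over TLS with a 128-bit cipher.
for op in search simple_bind update; do
    printf '%-12s plain: %s\n' "$op" "$(advise "$SECURITY_LINE" "$op" 0)"
    printf '%-12s tls:   %s\n' "$op" "$(advise "$SECURITY_LINE" "$op" 128)"
done
# Constructed names: the client used "-h myserver" but the cert says the FQDN.
hostname_matches_cn myserver myserver.example.com \
    || echo "hostname/CN mismatch: pass -H ldaps://myserver.example.com"
```

The two checks correspond to the two errors in the thread: `advise` tells you which floor (`ssf`, `simple_bind` or `update_ssf`) the plain-text connection fails to clear, and `hostname_matches_cn` shows why `-h myserver` trips the certificate check once TLS is actually in use; the cure for the second is to give `-H` the name the certificate was issued for.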
Richard Smith wrote:
> Before I post all the config files, I thought I'd start by showing the output of some commands.
You must have an "ssf" setting in your slapd.conf/slapd.d.
Please check.