The first attempt fails :
ldapwhoami -v -ZZ -Y EXTERNAL
ldap_initialize( <DEFAULT> )
ldap_start_tls: Connect error (-11)
additional info: TLS: hostname does not match CN in peer certificate
This also fails :
ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base +
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
Tim
On Thu, Jan 21, 2016 at 7:43 PM, Sergio NNX <sfhacker(a)hotmail.com> wrote:
>> My scenario is relatively simple.
> Simple, but it doesn't work, right?
>
> Are you after something similar to the output below?
>
> ldapwhoami -v -ZZ -Y EXTERNAL
>
> SASL/EXTERNAL authentication started
> SASL username: 2.5.4.13=End User Certificate (OpenLDAP
> 2.4.43),2.5.4.5=1234-2015
> -UK,title=Mr,ou=Finance Department,o=MateAR.eu IT
> Solutions,l=Westminster,st=Lon
> don,c=GB,email=info(a)matear.eu,0.9.2342.19200300.100.1.1=Administrator,dc=EU,cn=A
> dministrator
> SASL SSF: 0
> dn:description=end user certificate (openldap
> 2.4.43),serialNumber=1234-2015-uk,
> title=mr,ou=finance department,o=matear.eu it
> solutions,l=westminster,st=london,
> c=gb,email=info(a)matear.eu,uid=administrator,dc=eu,cn=administrator
> Result: Success (0)
>
>
> ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base +
>
> SASL/EXTERNAL authentication started
> SASL username: 2.5.4.13=End User Certificate (OpenLDAP
> 2.4.43),2.5.4.5=1234-2015
> -UK,title=Mr,ou=Finance Department,o=MateAR.eu IT
> Solutions,l=Westminster,st=Lon
> don,c=GB,email=info(a)matear.eu,0.9.2342.19200300.100.1.1=Administrator,dc=EU,cn=A
> dministrator
> SASL SSF: 0
> dn:
> structuralObjectClass: OpenLDAProotDSE
> configContext: cn=config
> monitorContext: cn=Monitor
> namingContexts: dc=my-domain,dc=com
> supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
> supportedControl: 2.16.840.1.113730.3.4.18
> supportedControl: 2.16.840.1.113730.3.4.2
> supportedControl: 1.3.6.1.4.1.4203.1.10.1
> supportedControl: 1.3.6.1.1.22
> supportedControl: 1.2.840.113556.1.4.319
> supportedControl: 1.2.826.0.1.3344810.2.3
> supportedControl: 1.3.6.1.1.13.2
> supportedControl: 1.3.6.1.1.13.1
> supportedControl: 1.3.6.1.1.12
> supportedExtension: 1.3.6.1.4.1.1466.20037
> supportedExtension: 1.3.6.1.4.1.4203.1.11.1
> supportedExtension: 1.3.6.1.4.1.4203.1.11.3
> supportedExtension: 1.3.6.1.1.8
> supportedFeatures: 1.3.6.1.1.14
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
> supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
> supportedLDAPVersion: 3
> supportedSASLMechanisms: SRP
> supportedSASLMechanisms: SCRAM-SHA-1
> supportedSASLMechanisms: GSSAPI
> supportedSASLMechanisms: GSS-SPNEGO
> supportedSASLMechanisms: DIGEST-MD5
> supportedSASLMechanisms: EXTERNAL
> supportedSASLMechanisms: OTP
> supportedSASLMechanisms: CRAM-MD5
> supportedSASLMechanisms: NTLM
> supportedSASLMechanisms: LOGIN
> supportedSASLMechanisms: PLAIN
> entryDN:
> subschemaSubentry: cn=Subschema
>