--On Tuesday, December 31, 2019 10:44 AM -0500 Peter Sui peters@qnext.com wrote:
> if I run: ldapsearch -h ldap.forumsys.com -p 636 -b "" -s base "(objectClass=*)" -D "cn=read-only-admin,dc=example,dc=com" -w password -Z
It is not valid to combine startTLS with port 636. Also, you should update your options to match modern standards.
Example against ldaps:///
ldapsearch -H ldaps://ldap.forumsys.com:636
as opposed to
ldapsearch -h ldap.forumsys.com -p 636
Example against ldap:///
ldapsearch -H ldap://ldap.forumsys.com:389
as opposed to
ldapsearch -h ldap.forumsys.com -p 389
I would note that the -Z(Z) options are for startTLS (generally against port 389). It is not valid to mix startTLS with ldaps:// URIs. You've not provided any useful information about your setup, so it's not possible to give you much help past that.
As for your SASL question, as documented in the ldapsearch man page, you provide the SASL Mech as a parameter to the -Y option. For example:
ldapsearch -Y GSSAPI -H ldap://ldap.forumsys.com:389
Regards,
Quanah

--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
http://www.symas.com
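
The rule stated in the reply above (the -Z/-ZZ StartTLS flags go with ldap:// on port 389, never with ldaps:// or port 636), as an added shell example that is not part of the original message or of OpenLDAP. The function name `lint_ldap_args` and its exit statuses are made up for illustration.

```shell
#!/bin/sh
# Added example (not part of OpenLDAP): lint ldapsearch-style transport options.
# Prints the equivalent -H form on stdout.
# Status: 0 = consistent, 1 = StartTLS mixed with ldaps:// or port 636,
#         2 = unusable arguments.
lint_ldap_args() {
    lint_host='' lint_port='' lint_uri='' lint_z=''
    while [ $# -gt 0 ]; do
        case "$1" in
            -Z|-ZZ) lint_z=$1; shift ;;
            -h|-p|-H|-b|-s|-D|-w|-Y)           # options that consume a value
                [ $# -ge 2 ] || { echo "missing value for $1" >&2; return 2; }
                case "$1" in
                    -h) lint_host=$2 ;;
                    -p) lint_port=$2 ;;
                    -H) lint_uri=$2 ;;
                esac
                shift 2 ;;
            *) shift ;;                         # filter, attributes, other flags
        esac
    done
    if [ -z "$lint_uri" ]; then
        [ -n "$lint_host" ] || { echo "no server given" >&2; return 2; }
        lint_port=${lint_port:-389}
        # Assumption: 636 is the LDAPS port, as in the thread above.
        if [ "$lint_port" = 636 ]; then lint_scheme=ldaps; else lint_scheme=ldap; fi
        lint_uri="$lint_scheme://$lint_host:$lint_port"
    fi
    if [ -n "$lint_z" ]; then
        case "$lint_uri" in
            ldaps://*|*:636|*:636/*)
                echo "StartTLS ($lint_z) cannot be combined with $lint_uri" >&2
                printf '%s\n' "-H $lint_uri"    # server argument without the StartTLS flag
                return 1 ;;
        esac
        printf '%s\n' "-H $lint_uri $lint_z"
    else
        printf '%s\n' "-H $lint_uri"
    fi
}

# The command from the quoted message (constructed demo call):
lint_ldap_args -h ldap.forumsys.com -p 636 -b "" -s base "(objectClass=*)" \
    -D "cn=read-only-admin,dc=example,dc=com" -w password -Z ||
    echo "status $?: fix the transport options" >&2
```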