The first attempt fails:
ldapwhoami -v -ZZ -Y EXTERNAL
ldap_initialize( <DEFAULT> )
ldap_start_tls: Connect error (-11)
        additional info: TLS: hostname does not match CN in peer certificate
This also fails:
ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base +
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
Tim
On Thu, Jan 21, 2016 at 7:43 PM, Sergio NNX sfhacker@hotmail.com wrote:
My scenario is relatively simple.
Simple, but it doesn't work, right?
Are you after something similar to the output below?
ldapwhoami -v -ZZ -Y EXTERNAL
SASL/EXTERNAL authentication started
SASL username: 2.5.4.13=End User Certificate (OpenLDAP 2.4.43),2.5.4.5=1234-2015-UK,title=Mr,ou=Finance Department,o=MateAR.eu IT Solutions,l=Westminster,st=London,c=GB,email=info@matear.eu,0.9.2342.19200300.100.1.1=Administrator,dc=EU,cn=Administrator
SASL SSF: 0
dn:description=end user certificate (openldap 2.4.43),serialNumber=1234-2015-uk,title=mr,ou=finance department,o=matear.eu it solutions,l=westminster,st=london,c=gb,email=info@matear.eu,uid=administrator,dc=eu,cn=administrator
Result: Success (0)
ldapsearch -LLL -Y EXTERNAL -H ldaps:/// -b "" -s base +
SASL/EXTERNAL authentication started
SASL username: 2.5.4.13=End User Certificate (OpenLDAP 2.4.43),2.5.4.5=1234-2015-UK,title=Mr,ou=Finance Department,o=MateAR.eu IT Solutions,l=Westminster,st=London,c=GB,email=info@matear.eu,0.9.2342.19200300.100.1.1=Administrator,dc=EU,cn=Administrator
SASL SSF: 0
dn:
structuralObjectClass: OpenLDAProotDSE
configContext: cn=config
monitorContext: cn=Monitor
namingContexts: dc=my-domain,dc=com
supportedControl: 1.3.6.1.4.1.4203.1.9.1.1
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.3.6.1.1.22
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.12
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedExtension: 1.3.6.1.1.8
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 3
supportedSASLMechanisms: SRP
supportedSASLMechanisms: SCRAM-SHA-1
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: OTP
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
entryDN:
subschemaSubentry: cn=Subschema