The problem was sitting in front of the monitor ^^
I must use ldapi:/// instead of ldaps://<fqdn>. Sometimes it's good to take a break :-)
On 15.10.20 at 18:55, Stefan Kania wrote:
Hello,
I just compiled OpenLDAP 2.5alpha on a debian 10 system. I used this howto: https://tylersguides.com/guides/install-openldap-source-debian-stretch/
Slapd is running and I load the following ldif:
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /opt/openldap-current/var/run/slapd.args
olcPidFile: /opt/openldap-current/var/run/slapd.pid
olcTLSCACertificateFile: /etc/ssl/certificates/demoCA/cacert.pem
olcTLSCertificateFile: /etc/ssl/certificates/ldap01-cert.pem
olcTLSCertificateKeyFile: /etc/ssl/certificates/ldap01-key.pem
olcTLSCipherSuite: TLSv1.2:HIGH:!aNULL:!eNULL
olcTLSProtocolMin: 3.3

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema

dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /opt/openldap-current/libexec/openldap
olcModuleload: back_mdb.la
olcModuleload: pw-sha2.la

include: file:///opt/openldap-current/etc/openldap/schema/core.ldif
include: file:///opt/openldap-current/etc/openldap/schema/cosine.ldif
include: file:///opt/openldap-current/etc/openldap/schema/nis.ldif
include: file:///opt/openldap-current/etc/openldap/schema/inetorgperson.ldif

dn: olcDatabase=frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: frontend
olcPasswordHash: {SSHA512}
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none

dn: olcDatabase=config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: config
olcRootDN: cn=config
olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none
When I try to do an ldapsearch with -Y EXTERNAL I get the following error:
root@lda25:~# ldapsearch -Y EXTERNAL -H ldaps://ldap25.example.net -b cn=config
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind: Unknown authentication method (-6)
        additional info: SASL(-4): no mechanism available:
Ldapsearch -ZZ is working:
root@lda25:~# ldapsearch -x -ZZ -H ldap://ldap25.example.net -b cn=config -LLL
No such object (32)
root@lda25:~# ldapsearch -x -H ldaps://ldap25.example.net -b cn=config -LLL
No such object (32)
So ldaps and ldap+tls are working. Did I miss something during "configure"? I would like to help testing version 2.5.
Stefan
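Why the EXTERNAL bind only succeeds over ldapi:///, worked through as an added example (this is not code from the thread or from the OpenLDAP project). The authorization identity that slapd assigns to a SASL EXTERNAL bind depends on the transport: on an ldapi:// Unix socket it is built from the peer's uid/gid (the gidNumber=...+uidNumber=...,cn=peercred,cn=external,cn=auth form used in Stefan's olcAccess), while on ldaps:// or StartTLS the mechanism is only offered when the client presented a TLS certificate, in which case the identity is the certificate's subject DN. The ACL below therefore can never match a TLS connection, regardless of how slapd was configured. The socket path /opt/openldap-current/var/run/ldapi is an assumption derived from the install prefix shown in the thread; the exact representation of a client-certificate identity as the bare subject DN is stated as understood by the author of this example.

```python
"""Model of how slapd derives a SASL EXTERNAL authorization DN and
how the olcAccess line from the thread evaluates against it.
Added example; not part of the original mail or of OpenLDAP itself."""
import re
from typing import Optional
from urllib.parse import quote

PEERCRED_SUFFIX = "cn=peercred,cn=external,cn=auth"

# The ACL Stefan applies to both the frontend and the config database.
CONFIG_ACL = ('to * by dn.base="gidNumber=0+uidNumber=0,'
              'cn=peercred,cn=external,cn=auth" manage by * none')


def external_authzid(transport: str, uid: Optional[int] = None,
                     gid: Optional[int] = None,
                     client_cert_subject: Optional[str] = None) -> Optional[str]:
    """Return the DN slapd would bind as for SASL EXTERNAL, or None when
    the mechanism is not available on this connection (that is the
    "SASL(-4): no mechanism available" case from the thread)."""
    if transport == "ldapi":
        # Unix-socket peer credentials (SO_PEERCRED) become the identity.
        if uid is None or gid is None:
            raise ValueError("ldapi needs the peer uid and gid")
        return f"gidNumber={gid}+uidNumber={uid},{PEERCRED_SUFFIX}"
    if transport in ("ldaps", "starttls"):
        # Over TLS, EXTERNAL only exists if a client certificate was presented;
        # the identity is then the certificate subject DN (assumed form).
        return client_cert_subject
    if transport == "ldap":
        # Plain TCP without TLS carries no external credentials at all.
        return None
    raise ValueError(f"unknown transport {transport!r}")


_BY_CLAUSE = re.compile(r'by\s+(?:dn\.base="([^"]*)"|(\*|anonymous|users))\s+(\w+)')


def acl_access(acl: str, authz_dn: Optional[str]) -> str:
    """Evaluate a slapd 'by' clause list the way slapd does: the first
    matching <who> clause decides; if none matches, access is 'none'."""
    for dn_base, keyword, level in _BY_CLAUSE.findall(acl):
        if dn_base:
            # dn.base is an exact (normalized) DN comparison; lower-casing
            # stands in for slapd's DN normalization here.
            if authz_dn is not None and authz_dn.lower() == dn_base.lower():
                return level
        elif keyword == "*":
            return level
        elif keyword == "anonymous" and authz_dn is None:
            return level
        elif keyword == "users" and authz_dn is not None:
            return level
    return "none"


def ldapi_url(socket_path: str) -> str:
    """Build an ldapi URL for a non-default socket path; the path must be
    percent-encoded because '/' would otherwise be parsed as a URL path."""
    return "ldapi://" + quote(socket_path, safe="")


def explain(transport: str, **creds) -> str:
    """Human-readable summary of what the olcAccess line grants on a transport."""
    who = external_authzid(transport, **creds)
    level = acl_access(CONFIG_ACL, who)
    return f"{transport}: EXTERNAL identity={who!r} -> access={level}"


if __name__ == "__main__":
    # root on the local machine over the Unix socket (the working case)
    print(explain("ldapi", uid=0, gid=0))
    # ldaps without a client certificate (the failing case from the thread)
    print(explain("ldaps"))
    # ldaps with a client certificate: EXTERNAL works, but the DN is not
    # the peercred DN, so this ACL still grants nothing.
    print(explain("ldaps", client_cert_subject="cn=ldapadmin,dc=example,dc=net"))
    print("use:", ldapi_url("/opt/openldap-current/var/run/ldapi"))
```

Running it shows that only the ldapi connection produces the peercred DN the ACL names; a TLS connection either has no EXTERNAL mechanism at all (no client certificate) or binds as a certificate subject that the `by dn.base` clause does not match, so the `by * none` fallback applies. With a source build under a custom prefix, the ldapi socket lives below that prefix, and a non-default path has to be percent-encoded in the -H argument as the last line of output illustrates.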