--On Wednesday, February 26, 2025 4:38 PM -0800 Quanah Gibson-Mount quanah@fast-mail.org wrote:
--On Wednesday, February 26, 2025 4:30 PM -0800 Quanah Gibson-Mount quanah@fast-mail.org wrote:
You told it to use simple binds, not SASL.
Here's an example ldapsearch using a SASL/EXTERNAL bind setting all parameters via the command line.
ldapsearch -Y EXTERNAL -o tls_cacert=/etc/ssl/certs/myca.pem -o tls_cert=/home/joe/mycert.pem -o tls_key=/home/joe/mycert.key -H ldaps://host.domain.com
OR if using starttls:
ldapsearch -ZZ -Y EXTERNAL -o tls_cacert=/etc/ssl/certs/myca.pem -o tls_cert=/home/joe/mycert.pem -o tls_key=/home/joe/mycert.key -H ldap://host.domain.com
Also:
method=128 is a simple bind
method=163 is a SASL/EXTERNAL bind
--Quanah