On 02/09/16 10:28 +0100, Frank Thommen wrote:
BINDDN in ~/.ldaprc seems to be ignored or I'm doing something wrong.
/etc/openldap/ldap.conf is empty.
~/.ldaprc is:
$ cat ~/.ldaprc
BINDDN <myBindDN>
BASE <myBaseDN>
URI ldaps://<myLDAPServer>
TLS_REQCERT never
$
ldapsearch returns an error if I don't declare the bindDN on the commandline:
$ ldapsearch -W -v cn=xyz
ldap_initialize( <DEFAULT> )
Enter LDAP Password:
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available)
$
For SASL binds, specify SASL_AUTHCID instead; however this option will be ignored by the sasl library for GSSAPI binds, in which case SASL_AUTHZID may be used if you need to specify an authz identity.
For non-sasl binds, specify '-x' on your command line, which does make use of BINDDN.
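
The distinction drawn in the reply above, as an added example that is not part of the original thread: a small shell helper that lists which identity directives in an ldaprc-style file are relevant to a simple bind (`-x`) versus a SASL bind. The function name `ldaprc_identity`, the sample DN and the host name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): show which ldaprc directives supply the
# bind identity for a given bind type.
#   simple -> ldapsearch -x ... : BINDDN is used
#   sasl   -> ldapsearch without -x : SASL_MECH / SASL_AUTHCID / SASL_AUTHZID
# Usage: ldaprc_identity FILE simple|sasl
# Exit status: 0 if a relevant directive exists, 1 if none, 2 on bad mode.
ldaprc_identity() {
    file=$1
    mode=$2
    case $mode in
        simple) want='BINDDN' ;;
        sasl)   want='SASL_MECH|SASL_AUTHCID|SASL_AUTHZID' ;;
        *)      echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    # Option names in ldap.conf/ldaprc are case-insensitive; lines starting
    # with '#' and blank lines are ignored.
    awk -v want="$want" '
        /^#/ || NF == 0 { next }
        toupper($1) ~ ("^(" want ")$") { print; found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$file"
}

# Constructed sample mirroring the file in the post (placeholder values).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# per-user client defaults
BINDDN cn=alice,dc=example,dc=org
BASE dc=example,dc=org
URI ldaps://ldap.example.org
EOF

echo "simple bind (ldapsearch -x -W):"
ldaprc_identity "$sample" simple || echo "  no BINDDN set; pass -D on the command line"

echo "SASL bind (ldapsearch -W, no -x):"
ldaprc_identity "$sample" sasl || echo "  no SASL_* identity set; BINDDN is not used here"

rm -f "$sample"
```

With the sample file, the simple-bind check prints the `BINDDN` line and the SASL check reports nothing relevant, which matches the behaviour described in the thread.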