So there it is,
Import your server's certificate in your client. Check out some nice tutorials you can find on the net, like this useful blog:
http://networknerd.wordpress.com/2008/10/26/configuring-openldap-for-client-...
KR
2010/3/1 Cool The Breezer techcool.kumar@yahoo.com
I got the error
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
From: "Xu, Qiang (FXSGSC)" Qiang.Xu@fujixerox.com
To: Cool The Breezer techcool.kumar@yahoo.com; Echedey Lorenzo echedey@gmail.com
Cc: Jonathan Clarke jonathan@phillipoux.net; openldap-technical@openldap.org
Sent: Mon, March 1, 2010 3:35:14 PM
Subject: RE: OpenLDAP client configuration with CentOS 5.3
change ldap:// to ldaps:// in your command.
From: Cool The Breezer [mailto:techcool.kumar@yahoo.com]
Sent: Monday, March 01, 2010 6:02 PM
To: Xu, Qiang (FXSGSC); Echedey Lorenzo
Cc: Jonathan Clarke; openldap-technical@openldap.org
Subject: Re: OpenLDAP client configuration with CentOS 5.3
I think it does. We use the same for Windows login.
From: "Xu, Qiang (FXSGSC)" Qiang.Xu@fujixerox.com
To: Cool The Breezer techcool.kumar@yahoo.com; Echedey Lorenzo echedey@gmail.com
Cc: Jonathan Clarke jonathan@phillipoux.net; openldap-technical@openldap.org
Sent: Mon, March 1, 2010 3:16:28 PM
Subject: RE: OpenLDAP client configuration with CentOS 5.3
Is the server using SSL/TLS connection?
From: openldap-technical-bounces+qiang.xu=fujixerox.com@OpenLDAP.org [mailto:openldap-technical-bounces+qiang.xu=fujixerox.com@OpenLDAP.org] On Behalf Of Cool The Breezer
Sent: Monday, March 01, 2010 4:56 PM
To: Echedey Lorenzo
Cc: Jonathan Clarke; openldap-technical@openldap.org
Subject: Re: OpenLDAP client configuration with CentOS 5.3
Still no luck. It gave the following errors:
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
All credentials used correctly.
regards,
RB
From: Echedey Lorenzo echedey@gmail.com
To: Cool The Breezer techcool.kumar@yahoo.com
Cc: Jonathan Clarke jonathan@phillipoux.net; openldap-technical@openldap.org
Sent: Mon, March 1, 2010 2:14:36 PM
Subject: Re: OpenLDAP client configuration with CentOS 5.3
Try:
ldapsearch -x -H ldap://xxx.yyy.com -D "cn=Directory Manager" "(objectclass=*)" -W _e3user
KR
2010/3/1 Cool The Breezer techcool.kumar@yahoo.com
I tried as per the suggestions, using the man page. But I am still getting the error:
ldapsearch -H ldap://xxx.yyy.com -D "cn=Directory Manager" "(objectclass=*)" -W -X _e3user
Enter LDAP Password:
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
It now generates a new error. I tried using authconfig with --enableldap, --enablewinbind and --disableldaptls. Still, users are not able to log in to the Linux box using LDAP credentials.
----- Original Message ----
From: Jonathan Clarke jonathan@phillipoux.net
To: Cool The Breezer techcool.kumar@yahoo.com
Cc: openldap-technical@openldap.org
Sent: Mon, March 1, 2010 1:16:32 PM
Subject: Re: OpenLDAP client configuration with CentOS 5.3
On 01/03/2010 06:53, Cool The Breezer wrote:
Thanks for your suggestion. But still there is some problem.
ldapsearch -H ldap://ldap-sunnyvale.juniper.net -x -LL ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail
Output:
version: 1
Operations error (1)
Additional information: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
Not sure of the reason behind such errors. I think there is something wrong, because when I am trying to log in to the Linux box using LDAP credentials, it simply closes the connection.
As it says in this error message: "a successful bind must be completed on the connection". This means you must authenticate to the LDAP server in order to search in it.
Check the -D and -w/-W options in the ldapsearch(1) man page. You'll need a valid account in your LDAP server and its password.
Jonathan
Jonathan Clarke - jonathan@phillipoux.net
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--
| Echedey Lorenzo Arencibia |
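The thread's three pieces of advice put together (bind with -x/-D/-W, use ldaps://, and make the client trust the server's CA instead of silencing the "certificate verify failed" error), as an added example that is not part of the thread; the host ldap.example.com, the CA path /etc/openldap/cacerts/ca.crt and the sample ldap.conf contents are constructed placeholders:

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the OpenLDAP client tools and
# an ldap.conf-style file; the CA path and hostnames below are placeholders.

# Audit an ldap.conf file. "TLS_REQCERT never" or "allow" makes the
# "certificate verify failed" error disappear by accepting ANY server
# certificate, so it is flagged as weak; a missing TLS_CACERT is flagged too,
# because without it the server's certificate cannot be verified.
# Returns 0 when the file is acceptable, 1 when it is weak.
audit_ldap_conf() {
    conf="$1"
    reqcert=$(awk 'toupper($1)=="TLS_REQCERT"{v=$2} END{print tolower(v)}' "$conf")
    cacert=$(awk 'toupper($1)=="TLS_CACERT"{v=$2} END{print v}' "$conf")
    case "$reqcert" in
        never|allow) echo "WEAK: TLS_REQCERT $reqcert disables certificate verification"; return 1 ;;
    esac
    if [ -z "$cacert" ]; then
        echo "WEAK: no TLS_CACERT, the server certificate cannot be verified"; return 1
    fi
    echo "OK: TLS_REQCERT=${reqcert:-demand (default)} TLS_CACERT=$cacert"
    return 0
}

# Build the search command the thread converged on: simple bind (-x) with an
# explicit bind DN (-D) and a password prompt (-W), over ldaps://, plus a
# search base (-b). It is printed, not executed, so this runs offline.
search_cmd() {
    host="$1"; binddn="$2"; base="$3"; filter="$4"
    printf 'ldapsearch -x -H ldaps://%s -D "%s" -W -b "%s" "%s"\n' \
        "$host" "$binddn" "$base" "$filter"
}

# Constructed sample configs: the tempting quick fix next to the corrected one.
weak=$(mktemp); good=$(mktemp)
printf 'URI ldaps://ldap.example.com\nBASE dc=example,dc=com\nTLS_REQCERT never\n' > "$weak"
printf 'URI ldaps://ldap.example.com\nBASE dc=example,dc=com\nTLS_CACERT /etc/openldap/cacerts/ca.crt\nTLS_REQCERT demand\n' > "$good"
audit_ldap_conf "$weak" || :
audit_ldap_conf "$good"
search_cmd ldap.example.com "cn=Directory Manager" "dc=example,dc=com" "(objectclass=*)"
rm -f "$weak" "$good"
```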