So there it is: import your server's certificate in your client. Check out some nice
tutorials you can find on the net, like this useful blog:
I got the error
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
------------------------------
*From:* "Xu, Qiang (FXSGSC)" <Qiang.Xu(a)fujixerox.com>
*To:* Cool The Breezer <techcool.kumar(a)yahoo.com>; Echedey Lorenzo <
echedey(a)gmail.com>
*Cc:* Jonathan Clarke <jonathan(a)phillipoux.net>; "
openldap-technical(a)openldap.org" <openldap-technical(a)openldap.org>
*Sent:* Mon, March 1, 2010 3:35:14 PM
*Subject:* RE: OpenLDAP client configuration with CentOS 5.3
change ldap:// to ldaps:// in your command.
------------------------------
*From:* Cool The Breezer [mailto:techcool.kumar@yahoo.com]
*Sent:* Monday, March 01, 2010 6:02 PM
*To:* Xu, Qiang (FXSGSC); Echedey Lorenzo
*Cc:* Jonathan Clarke; openldap-technical(a)openldap.org
*Subject:* Re: OpenLDAP client configuration with CentOS 5.3
I think it uses. We use the same for Windows login.
------------------------------
*From:* "Xu, Qiang (FXSGSC)" <Qiang.Xu(a)fujixerox.com>
*To:* Cool The Breezer <techcool.kumar(a)yahoo.com>; Echedey Lorenzo <
echedey(a)gmail.com>
*Cc:* Jonathan Clarke <jonathan(a)phillipoux.net>; "
openldap-technical(a)openldap.org" <openldap-technical(a)openldap.org>
*Sent:* Mon, March 1, 2010 3:16:28 PM
*Subject:* RE: OpenLDAP client configuration with CentOS 5.3
Is the server using SSL/TLS connection?
------------------------------
*From:* openldap-technical-bounces+qiang.xu=fujixerox.com(a)OpenLDAP.org
[mailto:openldap-technical-bounces+qiang.xu=fujixerox.com(a)OpenLDAP.org] *On Behalf Of* Cool The Breezer
*Sent:* Monday, March 01, 2010 4:56 PM
*To:* Echedey Lorenzo
*Cc:* Jonathan Clarke; openldap-technical(a)openldap.org
*Subject:* Re: OpenLDAP client configuration with CentOS 5.3
Still no luck. It gave the following errors:
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
All credentials used correctly.
regards,
RB
------------------------------
*From:* Echedey Lorenzo <echedey(a)gmail.com>
*To:* Cool The Breezer <techcool.kumar(a)yahoo.com>
*Cc:* Jonathan Clarke <jonathan(a)phillipoux.net>;
openldap-technical(a)openldap.org
*Sent:* Mon, March 1, 2010 2:14:36 PM
*Subject:* Re: OpenLDAP client configuration with CentOS 5.3
Try:
ldapsearch -x -H ldap://xxx.yyy.com -D "cn=Directory Manager" "(objectclass=*)" -W _e3user
KR
2010/3/1 Cool The Breezer <techcool.kumar(a)yahoo.com>
> I tried as per suggestions using man page. But still getting the error
>
> ldapsearch -H ldap://xxx.yyy.com -D "cn=Directory Manager" "(objectclass=*)" -W -X _e3user
> Enter LDAP Password:
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
> additional info: SASL(-4): no mechanism available:
>
>
> It now generates a new error. I tried using authconfig with --enableldap,
> --enablewinbind and --disableldaptls.
> Still users are not able to login to linux box using LDAP credentials.
>
>
>
> ----- Original Message ----
> From: Jonathan Clarke <jonathan(a)phillipoux.net>
> To: Cool The Breezer <techcool.kumar(a)yahoo.com>
> Cc: openldap-technical(a)openldap.org
> Sent: Mon, March 1, 2010 1:16:32 PM
> Subject: Re: OpenLDAP client configuration with CentOS 5.3
>
> On 01/03/2010 06:53, Cool The Breezer wrote:
> > Thanks for your suggestion. But still there is some problem.
> > /ldapsearch -H ldap://ldap-sunnyvale.juniper.net -x -LL
> > ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail/
> > /
> > /
> > /Output: version: 1/
> > /
> > /
> > /Operations error (1)/
> > /Additional information: 00000000: LdapErr: DSID-0C090627, comment: In
> > order to perform this operation a successful bind must be completed on
> > the connection., data 0, vece/
> >
> > Not sure the reason behind such errors. I think there is something
> > wrong, because when I am trying to login linux box using ldap
> > credentials, it simply closes the connection.
>
> As it says in this error message: "a successful bind must be completed on
> the connection". This means you must authenticate to the LDAP server in
> order to search in it.
>
> Check the -D and -w/-W options in the ldapsearch(1) man page. You'll need
> a valid account in your LDAP server and its password.
>
> Jonathan
> -- --------------------------------------------------------------
> Jonathan Clarke - jonathan(a)phillipoux.net
> --------------------------------------------------------------
> Ldap Synchronization Connector (LSC) - http://lsc-project.org
> --------------------------------------------------------------
--
--------------------------------------------
| Echedey Lorenzo Arencibia |
--------------------------------------------
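
An added example, not part of any message in this thread: a small Python parser for the four error outputs quoted above, which decodes the hex `data` sub-code that Active Directory appends to a rejected bind. The sub-code table, the function name `diagnose` and the diagnosis wording are supplied by this example, not by the thread's authors.

```python
import re

# Active Directory appends the real bind failure as a hex code after "data".
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials (wrong password)",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}
AD_ERR = re.compile(r"LdapErr: (DSID-[0-9A-Fa-f]+), comment: (.*?), data ([0-9A-Fa-f]+)")

def diagnose(output):
    """Map ldapsearch error output to a short diagnosis (wording is this example's)."""
    text = " ".join(output.split())  # undo mail-client line wrapping
    m = AD_ERR.search(text)
    if m and "AcceptSecurityContext" in m.group(2):
        code = int(m.group(3), 16)
        reason = AD_BIND_SUBCODES.get(code, "unlisted sub-code 0x%x" % code)
        return "AD rejected the bind: " + reason
    if "successful bind must be completed" in text:
        return "anonymous search refused: bind with -D and -w/-W"
    if "certificate verify failed" in text:
        return "TLS: issuing CA not trusted by the client (TLS_CACERT in ldap.conf)"
    if "SASL" in text and "no mechanism available" in text:
        return "SASL bind has no usable mechanism: use -x for a simple bind"
    return "unrecognised"

# Error text as quoted in the messages of this thread.
THREAD_ERRORS = [
    """ldap_bind: Invalid credentials (49)
    additional info: 80090308: LdapErr: DSID-0C090334, comment:
    AcceptSecurityContext error, data 525, vece""",
    """Operations error (1)
    Additional information: 00000000: LdapErr: DSID-0C090627, comment: In
    order to perform this operation a successful bind must be completed on
    the connection., data 0, vece""",
    """ldap_bind: Can't contact LDAP server (-1)
    additional info: error:14090086:SSL
    routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed""",
    """ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
    additional info: SASL(-4): no mechanism available:""",
]
```

Calling `diagnose` on each entry of `THREAD_ERRORS` separates the directory-side failures (unknown bind name, anonymous search) from the client-side ones (untrusted CA, SASL selected instead of a simple bind).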