I think I am supposed to provide the bind DN with "-D" option i.e. cn=admin,dc=ldap-company,dc=com.

With this value, it works fine.

Sorry for the mistake.

Reg Apache issue, I will post it here once it is solved.


On Mon, Sep 21, 2009 at 3:42 PM, Asimananda Mohanty <asimananda.mohanty@gmail.com> wrote:
Hi Dieter,

I will try to look it from a different angle. Once I am able to solve it, I will post it here.

I have one more query.

On my server, I am able to get the result by :

# ldapsearch -d8 -H ldaps://ldap-company.com -b dc=ldap-company,dc=com uid=asimananda
SASL/DIGEST-MD5 authentication started
Please enter your password:


But the following query doesn't show any result and throws error.

# ldapsearch -d8 -H ldaps://ldap-company.com -D dc=ldap-company,dc=com uid=asimananda -W
Enter LDAP Password:
ldap_bind: Invalid credentials (49)

Does this mean that I have still some configuration to do?

Please comment.


On Mon, Sep 21, 2009 at 10:54 AM, Dieter Kluenter <dieter@dkluenter.de> wrote:
Asimananda Mohanty <asimananda.mohanty@gmail.com> writes:

> Hi Dieter,
> Thanks for the reply.
> My Apache is built with openldap lib only.
> I am able to connect to ubuntu host my my solaris client on ports 389 and 636.
> Then I guess, apache is not able to verify the certificates presented. In that case, please let me know how do I debug
> slapd to watch apache connection.

As I mentioned many times, this topip is neither OpenLDAP nor Ubuntu
related, it is just a question of how to properly set up Apache on Sun
Solaris 10.
Did you configure mod_auth_ldap and mod_ldap to use TLS?
There are two sources of information, Sun Bigadmin and Apache
documentation. Lot of documentation is referring to *.der or cert7.db
files, note that OpenLDAP only handles *.pem files. For mor
information on this topic read openssl documentation.



Dieter Klünter | Systemberatung