I notice that the ldap.conf file is not used by the ldapsearch and ldapwhoami commands (the ldap tools). An environment variable (LDAPCONF) was set pointing to the file (/etc/openldap/ldap.conf), but it doesn't work. On the other hand, using the information provided in an ldaprc file works. How can I ensure the ldap.conf file is taken into account? I need it for a mutual-authentication connection using LDAPS for SASL EXTERNAL. I'm using OpenLDAP version 2.6.6 on CentOS.
--On Saturday, December 14, 2024 5:48 PM +0000 maudez.eric@neuf.fr wrote:
We need a better definition of "doesn't work". As per the man page:
"Some options are user-only. Such options are ignored if present in the ldap.conf (or file specified by LDAPCONF)."
--Quanah
When I want to validate TLS mutual authentication with ldapsearch -H ldaps://…, I get a "peer did not return certificate" error message. However, my /etc/openldap/ldap.conf (with r options) is configured with TLS options (certificate, CA, key, tls_verifyclient=demand, …). I have no .ldaprc, LDAPRC or LDAPCONF environment variable. When I use ldapsearch -H ldaps://… with options like -o cert -o key -o cafile, it is OK. I don't understand why my ldap.conf is not read.
--On Thursday, December 19, 2024 9:05 AM +0000 Eric M em.job35@gmail.com wrote:
I will again refer you to the ldap.conf man page, which explicitly notes that the TLS mutual auth options (TLS_CERT, TLS_KEY) are USER ONLY options, which means you cannot set them via a global ldap.conf file.
Regards, Quanah
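The user-only rule in the two replies above is easy to trip over because libldap skips those options without any warning. The script below is an added example, not code from this thread or from the OpenLDAP project: it lints an ldap.conf-style file for the options that ldap.conf(5) marks user-only (TLS_CERT and TLS_KEY), which are ignored in the system-wide ldap.conf and in the file named by LDAPCONF, and it shows the two places where they do take effect, a per-user ~/.ldaprc (or the file named by LDAPRC) and the ldapsearch -o options that the poster found working. All certificate paths, the ldaps://ldap.example.com URI and the /home/user directory are placeholders. One caveat for the poster's setup: TLSVerifyClient is a slapd.conf(5)/cn=config directive for the server side, not an ldap.conf(5) client option, so tls_verifyclient=demand in ldap.conf does nothing for the client either.

```shell
#!/bin/sh
# Added example (not from the thread): check an ldap.conf-style file for
# options that ldap.conf(5) marks "user-only". libldap ignores them in the
# system-wide ldap.conf and in the file named by LDAPCONF; they only take
# effect from ~/.ldaprc (or LDAPRC) or from the tools' -o options.
# Every path below is a made-up placeholder for the demonstration.

# Option names that ldap.conf(5) documents as user-only.
USER_ONLY_OPTS="TLS_CERT TLS_KEY"

# lint_ldap_conf FILE
# Prints "<NAME> <value>" for every user-only option found in FILE and returns
# 1 if any were found, 0 otherwise. Like libldap, it skips '#' comment lines
# and blank lines and matches option names case-insensitively.
lint_ldap_conf() {
    awk -v opts="$USER_ONLY_OPTS" '
        BEGIN { n = split(opts, a, " "); for (i = 1; i <= n; i++) user_only[a[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }
        (toupper($1) in user_only) { print toupper($1), $2; found = 1 }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# write_user_rc FILE CERT KEY
# Writes the per-user rc file where TLS_CERT/TLS_KEY are honoured. The CA
# path and TLS_REQCERT can stay in the global ldap.conf.
write_user_rc() {
    printf 'TLS_CERT %s\nTLS_KEY %s\n' "$2" "$3" > "$1"
}

# mutual_tls_cmdline URI CACERT CERT KEY
# Prints a one-shot ldapsearch invocation that passes the same settings on
# the command line (ldapsearch(1) -o options) and binds with SASL EXTERNAL,
# reading the root DSE. It only prints the command; nothing here connects
# to a server.
mutual_tls_cmdline() {
    printf 'ldapsearch -H %s -Y EXTERNAL -o tls_cacert=%s -o tls_cert=%s -o tls_key=%s -b "" -s base\n' \
        "$1" "$2" "$3" "$4"
}

# Demonstration on a constructed file in a temporary directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/ldap.conf" <<'EOF'
# System-wide file as the poster had it: the last two lines are user-only
# options and are silently ignored here.
TLS_CACERT  /etc/openldap/certs/ca.pem
TLS_REQCERT demand
tls_cert    /home/user/client.pem
TLS_KEY     /home/user/client.key
EOF

if lint_ldap_conf "$demo_dir/ldap.conf" > "$demo_dir/ignored"; then
    echo "ldap.conf: no user-only options, nothing is being ignored"
else
    echo "ldap.conf: these options are user-only and will be ignored:"
    cat "$demo_dir/ignored"
fi

write_user_rc "$demo_dir/ldaprc" /home/user/client.pem /home/user/client.key
echo "move them to ~/.ldaprc (or the file named by LDAPRC) instead:"
cat "$demo_dir/ldaprc"
echo "or pass them per invocation:"
mutual_tls_cmdline ldaps://ldap.example.com /etc/openldap/certs/ca.pem \
    /home/user/client.pem /home/user/client.key
rm -rf "$demo_dir"
```

Run it as-is to see the lint output on the constructed file, or call `lint_ldap_conf /etc/openldap/ldap.conf` against a real system file; a non-zero exit means the file contains options that will never be applied from there.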
How do I configure my server for TLS mutual authentication to perform a search via ldapsearch?
--On Thursday, December 19, 2024 9:23 PM +0000 Eric M em.job35@gmail.com wrote:
Can you give better background on what you want to do? Generally it's *not* recommended to use the ldap* tools inside of scripts, for example. I usually use python-ldap as an alternative in that case.
--Quanah
openldap-technical@openldap.org