I got the error
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
________________________________
From: "Xu, Qiang (FXSGSC)" <Qiang.Xu(a)fujixerox.com>
To: Cool The Breezer <techcool.kumar(a)yahoo.com>; Echedey Lorenzo <echedey(a)gmail.com>
Cc: Jonathan Clarke <jonathan(a)phillipoux.net>; "openldap-technical(a)openldap.org" <openldap-technical(a)openldap.org>
Sent: Mon, March 1, 2010 3:35:14 PM
Subject: RE: OpenLDAP client configuration with CentOS 5.3
Change ldap:// to ldaps:// in your command.
________________________________
From: Cool The Breezer [mailto:techcool.kumar@yahoo.com]
Sent: Monday, March 01, 2010 6:02 PM
To: Xu, Qiang (FXSGSC); Echedey Lorenzo
Cc: Jonathan Clarke; openldap-technical(a)openldap.org
Subject: Re: OpenLDAP client configuration with CentOS 5.3
I think it uses. We use the same for Windows login.
________________________________
From: "Xu, Qiang (FXSGSC)" <Qiang.Xu(a)fujixerox.com>
To: Cool The Breezer <techcool.kumar(a)yahoo.com>; Echedey Lorenzo <echedey(a)gmail.com>
Cc: Jonathan Clarke <jonathan(a)phillipoux.net>; "openldap-technical(a)openldap.org" <openldap-technical(a)openldap.org>
Sent: Mon, March 1, 2010 3:16:28 PM
Subject: RE: OpenLDAP client configuration with CentOS 5.3
Is the server using SSL/TLS connection?
________________________________
From: openldap-technical-bounces+qiang.xu=fujixerox.com(a)OpenLDAP.org [mailto:openldap-technical-bounces+qiang.xu=fujixerox.com@OpenLDAP.org] On Behalf Of Cool The Breezer
>Sent: Monday, March 01, 2010 4:56 PM
>To: Echedey Lorenzo
>Cc: Jonathan Clarke; openldap-technical(a)openldap.org
>Subject: Re: OpenLDAP client configuration with CentOS 5.3
>
>
>Still no luck. It gave following errors
>
>
>ldap_bind: Invalid credentials (49)
>        additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
>
>
>All credentials used correctly.
>regards,
>RB
>
>
>
________________________________
From: Echedey Lorenzo <echedey(a)gmail.com>
>To: Cool The Breezer <techcool.kumar(a)yahoo.com>
>Cc: Jonathan Clarke <jonathan(a)phillipoux.net>; openldap-technical(a)openldap.org
>Sent: Mon, March 1, 2010 2:14:36 PM
>Subject: Re: OpenLDAP client configuration with CentOS 5.3
>
>Try:
>
>ldapsearch -x -H ldap://xxx.yyy.com -D "cn=Directory Manager" "(objectclass=*)" -W _e3user
>
>KR
>
>
>2010/3/1 Cool The Breezer <techcool.kumar(a)yahoo.com>
>
>>I tried as per suggestions using man page. But still getting the error
>>
>>ldapsearch -H ldap://xxx.yyy.com -D "cn=Directory Manager" "(objectclass=*)" -W -X _e3user
>>Enter LDAP Password:
>>
>>SASL/EXTERNAL authentication started
>>ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>>        additional info: SASL(-4): no mechanism available:
>>
>>
>>It now generates a new error. I tried using authconfig with --enableldap, --enablewinbind and --disableldaptls.
>>Still users are not able to log in to the Linux box using LDAP credentials.
>>
>>
>>
>>
>>----- Original Message ----
>>From: Jonathan Clarke <jonathan(a)phillipoux.net>
>>To: Cool The Breezer <techcool.kumar(a)yahoo.com>
>>Cc: openldap-technical(a)openldap.org
>>Sent: Mon, March 1, 2010 1:16:32 PM
>>Subject: Re: OpenLDAP client configuration with CentOS 5.3
>>
>>
>>On 01/03/2010 06:53, Cool The Breezer wrote:
>>> Thanks for your suggestion. But still there is some problem.
>>>
>>> /ldapsearch -H ldap://ldap-sunnyvale.juniper.net -x -LL ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail/
>>>
>>> /Output: version: 1/
>>>
>>> /Operations error (1)/
>>> /Additional information: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece/
>>>
>>> Not sure the reason behind such errors. I think there is something wrong, because when I am trying to login linux box using ldap credentials, it simply closes the connection.
>>
>>As it says in this error message: "a successful bind must be completed on the connection". This means you must authenticate to the LDAP server in order to search in it.
>>
>>Check the -D and -w/-W options in the ldapsearch(1) man page. You'll need a valid account in your LDAP server and its password.
>>
>>Jonathan
>>--
>>--------------------------------------------------------------
>>Jonathan Clarke - jonathan(a)phillipoux.net
>>--------------------------------------------------------------
>>Ldap Synchronization Connector (LSC) - http://lsc-project.org
>>--------------------------------------------------------------
>>
>>
>>
>>
>>
>
>
>--
>--------------------------------------------
>| Echedey Lorenzo Arencibia |
>--------------------------------------------
>
>
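
The four error texts quoted in this thread each point at a different failure, so a small triage helper is sketched here as an added example that is not part of any message in the thread. The function name `diagnose` is hypothetical, and the sub-code table holds commonly documented Active Directory values for the `data NNN` field rather than anything stated by the posters.

```python
import re

# Sub-codes Active Directory reports in the "data NNN" field (hex) when it
# rejects a bind with LDAP result 49. Commonly documented values (assumption:
# the server in the thread is AD, as the LdapErr/DSID format suggests).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (wrong password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

def diagnose(output):
    """Map ldapsearch/ldap_bind error text to a likely cause and next check."""
    text = " ".join(output.split())  # tolerate mail-style line wrapping
    m = DATA_RE.search(text)
    if m:
        code = m.group(1).lower()
        return "bind rejected by AD, data %s: %s" % (
            code, AD_BIND_SUBCODES.get(code, "unknown sub-code"))
    if "certificate verify failed" in text:
        return "TLS: client does not trust the server certificate; check TLS_CACERT in ldap.conf"
    if "a successful bind must be completed" in text:
        return "search sent without a bind; authenticate with -D and -W"
    if "SASL(-4): no mechanism available" in text:
        return "SASL bind attempted; pass -x to use a simple bind"
    return "unrecognised error"

# Error texts as they appear in the thread, with line wrapping restored.
THREAD_ERRORS = [
    "ldap_bind: Invalid credentials (49)\n additional info: 80090308: LdapErr: "
    "DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece",
    "additional info: error:14090086:SSL routines:"
    "SSL3_GET_SERVER_CERTIFICATE:certificate verify failed",
    "ldap_sasl_interactive_bind_s: Unknown authentication method (-6)\n"
    " additional info: SASL(-4): no mechanism available:",
]

if __name__ == "__main__":
    for err in THREAD_ERRORS:
        print(diagnose(err))
```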