Re: persisting ldap_bind: Invalid credentials (49)
Maximilian Wilhelm:
> Am Montag, den 23. Mai hub Geert Stappers folgendes in die Tasten:
>
> Hi!
>
> > stappers@tw89:~
> > $ ldapsearch -xw foo -D cn=smbadmin,ou=people,dc=gst,dc=stappers,dc=nl \
> > -b dc=gst,dc=stappers,dc=nl
> > ldap_bind: Invalid credentials (49)
> > stappers@tw89:~
> > $
> >
>
> Try to add a -ZZ and ensure the ldap is used as hostname, to allow usage
> of SSL.
> As far as I know SSL is force for authenticating.
-ZZ is for TLS. TLS != SSL. If you want to use SSL - do so by issuing a
ldap-url like ldaps://tjener.intern:636 where an ssl-enabled slapd is
listening on port 636, while tls runs with plain ldap on port 389.
-ZZ can be used with "-H ldap://tjener.intern" and "-h tjener.intern"
You can check slapd.conf, the ACL for userPassword wether it requires
encrypted connection or not (ssf=128 for example). Allowing/using
non-encrypted bind for authentication or write-request is a bad idea in
general.
--
Regards
Bjørn Ove Grøtan
Reply to: