On Mon, May 23, 2005 at 07:00:31PM +0200, Bjorn Ove Grotan wrote:
> Maximilian Wilhelm:
> > On Monday, 23 May, Geert Stappers typed the following:
> >
> > Hi!
> >
> > > stappers@tw89:~
> > > $ ldapsearch -xw foo -D cn=smbadmin,ou=people,dc=gst,dc=stappers,dc=nl \
> > >     -b dc=gst,dc=stappers,dc=nl
> > > ldap_bind: Invalid credentials (49)
> > > stappers@tw89:~
> > > $
> > >
> >
> > Try to add a -ZZ and ensure the ldap is used as hostname, to allow usage
> > of SSL.
> > As far as I know SSL is forced for authenticating.
>
> -ZZ is for TLS. TLS != SSL. If you want to use SSL - do so by issuing a
> ldap-url like ldaps://tjener.intern:636 where an ssl-enabled slapd is
> listening on port 636, while tls runs with plain ldap on port 389.
>
> -ZZ can be used with "-H ldap://tjener.intern" and "-h tjener.intern"
> You can check slapd.conf, the ACL for userPassword whether it requires
> encrypted connection or not (ssf=128 for example). Allowing/using
> non-encrypted bind for authentication or write-request is a bad idea in
> general.

COOL! That does bring light into "the darkness"

tjener:~ # ldapsearch -xW -D cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no ""
# userPassword
Enter LDAP Password:
ldap_bind: Insufficient access
tjener:~ # ldapsearch -xW -H ldaps://tjener -D
# cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no "" userPassword
Enter LDAP Password:
ldap_bind: Can't contact LDAP server
tjener:~ # ldapsearch -xW -H ldaps://ldap -D
# cn=admin,ou=people,dc=skole,dc=skolelinux,dc=no "" userPassword
Enter LDAP Password:
version: 2

#
# filter: (objectclass=*)
# requesting: userPassword
#

# skole, skolelinux, no
dn: dc=skole,dc=skolelinux,dc=no

<snip>result</snip>

# search result
search: 2
result: 0 Success

# numResponses: 38
# numEntries: 37
tjener:~ #

Thanks!
Geert Stappers
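The slapd.conf check suggested in the quoted reply (does the userPassword ACL demand an encrypted connection, e.g. ssf=128) can be scripted. The following is an added example, not part of the original message or of any project's tooling. It assumes the ACL uses the `by <who> ssf=<n> <access>` form described in slapd.access(5); the function names and the sample ACLs are constructed for illustration. The check is conservative: any clause that grants more than `none` without a sufficient ssf factor is reported as weak.

```shell
#!/bin/sh
# Added example, not from the thread. Reads slapd.conf text on stdin and prints:
#   enforced  every "by" clause that grants access to userPassword demands ssf >= MIN
#   weak      some granting clause has no ssf factor, or one below MIN
#   no-acl    no "access to" directive names userPassword
check_userpassword_ssf() {
    awk -v min="${1:-128}" '
    function check_dir(    n, i, k, j, parts, t, lvl, ok) {
        if (tolower(dir) ~ /^access[ \t]+to[ \t].*attrs?=[^ \t]*userpassword/) {
            found = 1
            n = split(dir, parts, /[ \t]+by[ \t]+/)
            for (i = 2; i <= n; i++) {
                sub(/[ \t]+$/, "", parts[i])
                k = split(parts[i], t, /[ \t]+/)
                # Access level is the last token once a control keyword is skipped.
                lvl = t[k]
                if (lvl ~ /^(stop|continue|break)$/ && k > 1) lvl = t[k - 1]
                if (lvl == "none") continue
                ok = 0
                for (j = 1; j <= k; j++)
                    if (t[j] ~ /^(transport_|tls_|sasl_)?ssf=[0-9]+$/) {
                        sub(/^.*=/, "", t[j])
                        if (t[j] + 0 >= min + 0) ok = 1
                    }
                if (!ok) weak = 1
            }
        }
        dir = ""
    }
    /^#/ || /^[ \t]*$/ { next }              # comments and blank lines
    /^[ \t]/ { dir = dir " " $0; next }      # leading whitespace continues a directive
    { check_dir(); dir = $0 }
    END { check_dir(); print (!found ? "no-acl" : (weak ? "weak" : "enforced")) }
    '
}

# Constructed sample ACLs (assumed syntax, not taken from any real server).
sample_strict() {
    printf '%s\n' 'access to attrs=userPassword' \
        '    by anonymous ssf=128 auth' \
        '    by self ssf=128 write' \
        '    by * none'
}
sample_weak() {
    printf '%s\n' 'access to attrs=userPassword' \
        '    by anonymous auth' \
        '    by self ssf=128 write' \
        '    by * none'
}
```

On a real server the input would be the slapd.conf itself, for example `check_userpassword_ssf < /etc/ldap/slapd.conf`, where the path is an assumption about the local install.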