Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote:
> $ ldapsearch -v -D "cn=someuser, o=users" -H ldaps://foo.bar.tld:636 -ZZ
> ldap_initialize( ldaps://foo.bar.tld:636 )
> ldap_start_tls: Operations error (1)
> additional info: TLS is is already established
>
> You don't need -ZZ if you are using an LDAPS URL, as the LDAPS URL
> indicates you want SSL encryption.

Thanks Quanah. Apologies for not being totally clear in the previous. I had
spotted the redundancy between the "ldaps" scheme and the -ZZ option and
tried it without the -ZZ option. But I got:
$ ldapsearch -v -D "cn=someuser, o=users" -H ldaps://foo.bar.tld:636
ldap_initialize( ldaps://foo.bar.tld:636 )
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
additional info: SASL(-4): no mechanism available:
So I decided that that was probably wrong. From what you say, it seems that
this is as it should have been and the problem is elsewhere. I'm not sure
what the "no mechanism available" means. My understanding is that the
mechanism I want is EXTERNAL and that this should delegate to the installed
OpenSSL for a TLS connection. I can't see any further required configuration
to make this happen.
Apologies if this is all very basic. I'm a humble web developer (not a
sysadmin). The certificate I have has worked correctly previously from a
Java web app (via JSSE), so I know that, in theory at least, I have enough to
make an LDAP TLS connection. I've just been knee-deep in documentation for the
last couple of days.
Thanks,
John.
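For anyone who hits the same pair of errors, an added example that is not from the thread: the first failure comes from combining -ZZ with an ldaps:// URI, and the second because ldapsearch attempts a SASL bind unless -x asks for a simple bind, so it tries EXTERNAL, which only works when the client presents its own certificate. The helper below prints the right option set for each bind style and writes the ~/.ldaprc entries EXTERNAL needs; the host, bind DN and certificate paths are placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread: builds the ldapsearch options for a
# simple bind versus a SASL/EXTERNAL bind, and a minimal ~/.ldaprc.
# Host, bind DN and certificate paths below are placeholders.

# Print ldapsearch options for one bind style over one URI.
#   $1 = simple | external   $2 = LDAP URI   $3 = bind DN (simple only)
ldap_args() {
    mode=$1; uri=$2; binddn=$3
    case "$uri" in
        ldaps://*) tls='' ;;      # TLS is implied by the scheme: no -ZZ
        ldap://*)  tls='-ZZ ' ;;  # plain scheme: StartTLS, abort if it fails
        *) echo "unsupported URI scheme: $uri" >&2; return 1 ;;
    esac
    case "$mode" in
        # simple bind: -x switches SASL off, -D/-W give the DN and prompt for a password
        simple)   printf '%s-x -W -D %s -H %s\n' "$tls" "$binddn" "$uri" ;;
        # SASL/EXTERNAL: the identity comes from the client certificate sent during TLS
        external) printf '%s-Y EXTERNAL -H %s\n' "$tls" "$uri" ;;
        *) echo "unknown bind mode: $mode" >&2; return 1 ;;
    esac
}

# Write a minimal client config to $1; $2=1 also adds a client certificate.
# TLS_CERT/TLS_KEY are user-only options: they belong in ~/.ldaprc, not ldap.conf.
write_ldaprc() {
    out=$1; with_cert=${2:-0}
    {
        echo 'TLS_CACERT /etc/ssl/certs/ca.pem'        # CA that issued the server cert
        echo 'TLS_REQCERT demand'                      # reject servers with a bad/absent cert
        if [ "$with_cert" = 1 ]; then
            echo 'TLS_CERT /home/john/ldap-client.crt' # required for SASL/EXTERNAL
            echo 'TLS_KEY /home/john/ldap-client.key'
        fi
    } > "$out"
}

# Demo: the two invocations for the thread's server (printed, not executed).
echo "ldapsearch $(ldap_args simple ldaps://foo.bar.tld:636 'cn=someuser,o=users')"
echo "ldapsearch $(ldap_args external ldaps://foo.bar.tld:636)"
```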