louis gonzales wrote:
> Does: netstat -an | grep 636
> show that LDAPS is indeed LISTEN'ing?

here is the output of "netstat -an | grep 636"

tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN
tcp 0 0 :::636 :::* LISTEN

>
> JOYDEEP wrote:
>
>> Greg Martin wrote:
>>
>>> if you run ldapsearch with the -x switch you can use simple auth
>>> with -D logindn -w loginpassword
>>
>> Thanks Greg for your response but [-x] actually disables the ssl and I
>> want to implement it for security reasons.
>>
>>> \\Greg
>>>
>>> JOYDEEP wrote:
>>>
>>>> Dear list,
>>>>
>>>> I am using openldap2-2.3.19-18 under suse 10.1 and it is working
>>>> fine at port 389 ( ldap://)
>>>> Now to secure it with ssl, I have first generated a certificate with
>>>> the Ca.sh script that comes with linux.
>>>>
>>>> then I have modified my /etc/openldap/slapd.conf as
>>>> =========================================
>>>> TLSCipherSuite HIGH:MEDIUM:+SSLv2
>>>> TLSCertificateFile /etc/openldap/myca/servercert.pem
>>>> TLSCertificateKeyFile /etc/openldap/myca/serverkey.pem
>>>> TLSCACertificateFile /etc/openldap/myca/cacert.pem
>>>> TLSVerifyClient never
>>>> =========================================
>>>>
>>>> I also modified /etc/openldap/ldap.conf as
>>>> =================================
>>>> HOST 127.0.0.1:636
>>>> BASE ou=Users,dc=kolkatainfoservices,dc=in
>>>> TLS_CACERT /etc/openldap/myca/cacert.pem
>>>> =================================
>>>>
>>>> now when I execute *ldapsearch -H ldaps:// -d 255* it asks for
>>>> ======================
>>>> ldap_msgfree
>>>> sasl_client_step: 2
>>>> Please enter your password:
>>>> ======================
>>>> after giving the manager password which is secret it reports
>>>> ==========================
>>>> ldap_msgfree
>>>> ldap_perror
>>>> ldap_sasl_interactive_bind_s: Invalid credentials (49)
>>>> additional info: SASL(-13): user not found: no secret in database
>>>> ============================================
>>>>
>>>> could anyone suggest what I am missing here?
>>>> thanks.
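
Added example, not part of the original thread: a shell function that reads an ldapsearch command line and reports the bind method separately from the transport protection, using the documented meanings of -x, -H, -Z/-ZZ, -w, -W and -y. The function name, the output labels and the DN in the sample calls are constructed for this example.

```shell
#!/bin/sh
# Classify how an ldapsearch command line binds and what protects the
# connection. Only the options listed in the getopts string are interpreted.
classify_ldapsearch() {
    bind=sasl       # ldapsearch performs a SASL bind unless -x is given
    uri=""          # value of -H, if any
    starttls=0      # number of -Z flags seen
    secret=none     # where the bind password comes from
    OPTIND=1
    while getopts ":xH:ZD:w:Wy:Y:U:d:b:" opt; do
        case $opt in
            x) bind=simple ;;
            H) uri=$OPTARG ;;
            Z) starttls=$((starttls + 1)) ;;
            w) secret=argv ;;    # visible in the process list and shell history
            W) secret=prompt ;;
            y) secret=file ;;
            *) ;;                # -D, -Y, -U, -d, -b, unknown: not needed here
        esac
    done
    case $uri in
        ldaps://*) transport=ldaps ;;                 # TLS before any LDAP data
        *) case $starttls in
               0) if [ -z "$uri" ]; then
                      transport=ldap.conf-default     # URI comes from ldap.conf
                  else
                      transport=no-tls
                  fi ;;
               1) transport=starttls-optional ;;      # -Z: goes on if StartTLS fails
               *) transport=starttls-required ;;      # -ZZ: aborts if StartTLS fails
           esac ;;
    esac
    echo "bind=$bind transport=$transport secret=$secret"
}

# The command from the thread: SASL bind over ldaps://
classify_ldapsearch -H ldaps:// -d 255
# Constructed variants; the DN is a placeholder, not a value from the thread.
classify_ldapsearch -x -H ldaps://127.0.0.1 -D "cn=Manager,dc=example,dc=com" -W
classify_ldapsearch -x -H ldap://127.0.0.1 -D "cn=Manager,dc=example,dc=com" -w secret
```

The first two calls report the same transport (ldaps) and differ only in the bind field, which is the part the "SASL(-13): user not found" error above comes from.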
