Option -X is for SASL configuration. If you want TLS, perhaps you mean
-ZZ?
I'm not sure what pages you're looking at that confuse TLS and Kerberos.
They are separate topics; for example, the OpenLDAP Administrator's Guide
has separate chapters for TLS and Kerberos. That may be a better source to
use as reference as you work this out.
You might also want to consider upgrading to 2.3.35. TLS bugs were fixed
quite recently. See http://www.openldap.org/software/release/changes.html
for details.
On Tue, 22 May 2007, Craig wrote:
I am running OpenLDAP 2.2.13. I am having a problem getting TLS to work. I
have done numerous searches, but most web pages seem to deal with
LDAP/Kerberos issues. We do not run Kerberos. I am only trying to prevent
passwords from being sent in the clear.
I have followed the instructions on this page:
http://www.ibm.com/developerworks/linux/library/l-openldap/
I am able to run ldapsearch with simple auth:
    ldapsearch -x
but am not able to do any of the following:
    ldapsearch
    ldapsearch -X u:myuid
    ldapsearch -X dn:uid=myuid,ou=People,dc=example,dc=com
The error is (with "-d 255"):
    ...
    SASL/GSSAPI authentication started
    ldap_perror
    ldap_sasl_interactive_bind_s: Local error (-2)
    additional info: SASL(-1): generic failure: GSSAPI Error:
    Miscellaneous failure (No credentials cache found)
It looks like the server is running fine. But, the logs don't really indicate
what the problem is. (It seems to be more of a client issue, but still the
server should give some hint in the logs.)
If you need more debugging info, just let me know.
Any help would be greatly appreciated.
TIA
Craig
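
As an added example (not part of the thread and not OpenLDAP code), the shell function below classifies an ldapsearch option list by bind method and transport protection, using the -x, -X, -Z and -ZZ distinctions discussed above. The function name and verdict labels are assumptions made for this sketch; it only inspects arguments and never contacts a server.

```shell
#!/bin/sh
# Added example: classify ldapsearch options by bind method and transport
# protection. Function name and verdict labels are made up for this sketch.
classify_ldapsearch() {
    bind=sasl      # without -x, ldapsearch attempts a SASL bind
    tls=none
    password=no
    while [ $# -gt 0 ]; do
        opt=$1; shift
        case "$opt" in
            -x)  bind=simple ;;
            -Z)  if [ "$tls" = none ]; then tls=starttls-optional; fi ;;
            -ZZ) tls=starttls-required ;;
            -H)  case "${1:-}" in ldaps://*) tls=ldaps ;; esac
                 if [ $# -gt 0 ]; then shift; fi ;;
            -W)  password=yes ;;
            -w|-y) password=yes
                 if [ $# -gt 0 ]; then shift; fi ;;
            -D|-X|-Y|-U|-b|-h|-p|-d)   # options that take a value
                 if [ $# -gt 0 ]; then shift; fi ;;
        esac
    done
    if [ "$bind" = sasl ]; then
        # -X only sets the SASL authorization identity; the mechanism
        # (GSSAPI in the thread) still needs its own credentials.
        verdict=sasl-credentials-needed
    elif [ "$password" = no ]; then
        verdict=no-password-sent
    elif [ "$tls" = starttls-required ] || [ "$tls" = ldaps ]; then
        verdict=password-protected
    else
        # plain -Z lets the client continue if StartTLS fails
        verdict=password-may-be-cleartext
    fi
    echo "bind=$bind tls=$tls verdict=$verdict"
}

# Constructed invocations: the first three mirror the thread, the rest are samples.
classify_ldapsearch -x
classify_ldapsearch
classify_ldapsearch -X u:myuid
classify_ldapsearch -x -D uid=myuid,ou=People,dc=example,dc=com -W
classify_ldapsearch -x -Z -D uid=myuid,ou=People,dc=example,dc=com -W
classify_ldapsearch -x -ZZ -D uid=myuid,ou=People,dc=example,dc=com -W
```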