I got the error
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
________________________________
From: "Xu, Qiang (FXSGSC)" <[email protected]>
To: Cool The Breezer <[email protected]>; Echedey Lorenzo <[email protected]>
Cc: Jonathan Clarke <[email protected]>; "[email protected]" <[email protected]>
Sent: Mon, March 1, 2010 3:35:14 PM
Subject: RE: OpenLDAP client configuration with CentOS 5.3

Change ldap:// to ldaps:// in your command.
________________________________
From: Cool The Breezer [mailto:[email protected]]
>Sent: Monday, March 01, 2010 6:02 PM
>To: Xu, Qiang (FXSGSC); Echedey Lorenzo
>Cc: Jonathan Clarke; [email protected]
>Subject: Re: OpenLDAP client configuration with CentOS 5.3
>
>
>I think it uses. We use the same for Windows login.
>
>
>
________________________________
From: "Xu, Qiang (FXSGSC)" <[email protected]>
>To: Cool The Breezer <[email protected]>; Echedey Lorenzo <[email protected]>
>Cc: Jonathan Clarke <[email protected]>; "[email protected]" <[email protected]>
>Sent: Mon, March 1, 2010 3:16:28 PM
>Subject: RE: OpenLDAP client configuration with CentOS 5.3
>
>Is the server using SSL/TLS connection?
>
>
________________________________
From: [email protected] [mailto:[email protected]] On Behalf Of Cool The Breezer
>>Sent: Monday, March 01, 2010 4:56 PM
>>To: Echedey Lorenzo
>>Cc: Jonathan Clarke; [email protected]
>>Subject: Re: OpenLDAP client configuration with CentOS 5.3
>>
>>
>>Still no luck. It gave the following errors
>>
>>
>>ldap_bind: Invalid credentials (49)
>> additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
>>
>>
>>All credentials used correctly.
>>regards,
>>RB
>>
>>
>>
________________________________
From: Echedey Lorenzo <[email protected]>
>>To: Cool The Breezer <[email protected]>
>>Cc: Jonathan Clarke <[email protected]>; [email protected]
>>Sent: Mon, March 1, 2010 2:14:36 PM
>>Subject: Re: OpenLDAP client configuration with CentOS 5.3
>>
>>Try:
>>
>>ldapsearch -x -H ldap://xxx.yyy.com -D "cn=Directory Manager" "(objectclass=*)" -W _e3user
>>
>>KR
>>
>>
>>2010/3/1 Cool The Breezer <[email protected]>
>>
>>>I tried as per suggestions using man page. But still getting the error
>>>
>>>ldapsearch -H ldap://xxx.yyy.com -D "cn=Directory Manager" "(objectclass=*)" -W -X _e3user
>>>Enter LDAP Password:
>>>
>>>SASL/EXTERNAL authentication started
>>>ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
>>> additional info: SASL(-4): no mechanism available:
>>>
>>>
>>>It now generates a new error. I tried using authconfig with --enableldap, --enablewinbind and --disableldaptls.
>>>Still users are not able to login to linux box using LDAP credentials.
>>>
>>>
>>>
>>>
>>>----- Original Message ----
>>>From: Jonathan Clarke <[email protected]>
>>>To: Cool The Breezer <[email protected]>
>>>Cc: [email protected]
>>>Sent: Mon, March 1, 2010 1:16:32 PM
>>>Subject: Re: OpenLDAP client configuration with CentOS 5.3
>>>
>>>
>>>On 01/03/2010 06:53, Cool The Breezer wrote:
>>>> Thanks for your suggestion. But still there is some problem.
>>>>
>>>> ldapsearch -H ldap://ldap-sunnyvale.juniper.net -x -LL ou=people,dc=jnpr,dc=net "{mail=*norton*}" sn cn mail
>>>>
>>>> Output: version: 1
>>>>
>>>> Operations error (1)
>>>> Additional information: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece
>>>>
>>>> Not sure the reason behind such errors. I think there is something
>>>> wrong, because when I am trying to login linux box using ldap
>>>> credentials, it simply closes the connection.
>>>
>>>As it says in this error message: "a successful bind must be completed on the connection". This means you must authenticate to the LDAP server in order to search in it.
>>>
>>>Check the -D and -w/-W options in the ldapsearch(1) man page. You'll need a valid account in your LDAP server and its password.
>>>
>>>Jonathan
>>>--
>>>--------------------------------------------------------------
>>>Jonathan Clarke - [email protected]
>>>--------------------------------------------------------------
>>>Ldap Synchronization Connector (LSC) - http://lsc-project.org
>>>--------------------------------------------------------------
>>>
>>>
>>>
>>>
>>>
>>
>>
>>--
>>--------------------------------------------
>>| Echedey Lorenzo Arencibia |
>>--------------------------------------------
>>
>>
>
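
The errors quoted in this thread fall into four distinct classes: TLS certificate validation, an Active Directory bind sub-code, a SASL mechanism failure, and an unauthenticated search. The shell functions below are an added example, not part of any message in the thread, that triage such error text; the function names and output labels are hypothetical, and the sub-code table is Active Directory's meaning of the hex `data` value on result 49.

```shell
#!/bin/sh
# Added example (not from the thread): triage ldapsearch/ldap_bind error text.
# Function names and output labels are hypothetical.

# Active Directory reports the bind failure reason as hex "data NNN" on result 49.
ad_bind_subcode() {
    case "$1" in
        525) echo "user not found (check the bind DN)" ;;
        52e) echo "wrong password" ;;
        530) echo "logon not permitted at this time" ;;
        531) echo "logon not permitted from this workstation" ;;
        532) echo "password expired" ;;
        533) echo "account disabled" ;;
        701) echo "account expired" ;;
        773) echo "user must reset password" ;;
        775) echo "account locked out" ;;
        *)   echo "unrecognised sub-code '$1'" ;;
    esac
}

classify_ldap_error() {
    case "$1" in
        *"certificate verify failed"*)
            echo "tls: server certificate failed validation; check TLS_CACERT in ldap.conf" ;;
        *"AcceptSecurityContext error"*)
            code=$(printf '%s\n' "$1" |
                sed -n 's/.*AcceptSecurityContext error, data \([0-9A-Fa-f]*\).*/\1/p' | head -n 1)
            echo "bind: $(ad_bind_subcode "$code")" ;;
        *"no mechanism available"*)
            echo "sasl: a SASL bind was attempted; use -x for a simple bind" ;;
        *"successful bind must be completed"*)
            echo "authz: anonymous search refused; bind first with -D and -W" ;;
        *)
            echo "unknown" ;;
    esac
}

# Sample inputs, copied from the error text quoted in the thread.
classify_ldap_error 'additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'
classify_ldap_error 'additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece'
classify_ldap_error 'additional info: SASL(-4): no mechanism available:'
classify_ldap_error 'Additional information: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece'
```

The TLS case is resolved by trusting the issuing CA on the client, not by turning certificate checking off.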