The problem was sitting in front of the monitor ^^ I must use ldapi:/// instead of ldaps://<fqdn>. Sometimes it's good to take a break :-)

On 15.10.20 at 18:55, Stefan Kania wrote:
> Hello,
>
> I just compiled OpenLDAP 2.5alpha on a Debian 10 system. I used this howto:
> https://tylersguides.com/guides/install-openldap-source-debian-stretch/
>
> Slapd is running and I load the following ldif:
> -----------------
> dn: cn=config
> objectClass: olcGlobal
> cn: config
> olcArgsFile: /opt/openldap-current/var/run/slapd.args
> olcPidFile: /opt/openldap-current/var/run/slapd.pid
> olcTLSCACertificateFile: /etc/ssl/certificates/demoCA/cacert.pem
> olcTLSCertificateFile: /etc/ssl/certificates/ldap01-cert.pem
> olcTLSCertificateKeyFile: /etc/ssl/certificates/ldap01-key.pem
> olcTLSCipherSuite: TLSv1.2:HIGH:!aNULL:!eNULL
> olcTLSProtocolMin: 3.3
>
> dn: cn=schema,cn=config
> objectClass: olcSchemaConfig
> cn: schema
>
> dn: cn=module,cn=config
> objectClass: olcModuleList
> cn: module
> olcModulepath: /opt/openldap-current/libexec/openldap
> olcModuleload: back_mdb.la
> olcModuleload: pw-sha2.la
>
> include: file:///opt/openldap-current/etc/openldap/schema/core.ldif
> include: file:///opt/openldap-current/etc/openldap/schema/cosine.ldif
> include: file:///opt/openldap-current/etc/openldap/schema/nis.ldif
> include: file:///opt/openldap-current/etc/openldap/schema/inetorgperson.ldif
>
> dn: olcDatabase=frontend,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcFrontendConfig
> olcDatabase: frontend
> olcPasswordHash: {SSHA512}
> olcAccess: to * by
>   dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
>   by * none
>
> dn: olcDatabase=config,cn=config
> objectClass: olcDatabaseConfig
> olcDatabase: config
> olcRootDN: cn=config
> olcAccess: to * by
>   dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
>   by * none
> -----------------
>
> When I try to do a ldapsearch with -Y EXTERNAL I get the following error:
> -----------------
> root@lda25:~# ldapsearch -Y EXTERNAL -H ldaps://ldap25.example.net -b cn=config
> SASL/EXTERNAL authentication started
> ldap_sasl_interactive_bind: Unknown authentication method (-6)
>     additional info: SASL(-4): no mechanism available:
> -----------------
>
> Ldapsearch -ZZ is working:
> -----------------
> root@lda25:~# ldapsearch -x -ZZ -H ldap://ldap25.example.net -b cn=config -LLL
> No such object (32)
>
> root@lda25:~# ldapsearch -x -H ldaps://ldap25.example.net -b cn=config -LLL
> No such object (32)
> -----------------
> So ldaps and ldap+tls are working. Did I miss something during
> "configure"? I would like to help testing version 2.5.
>
> Stefan
>
>

--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn

Signing every e-mail helps reduce spam and protects your privacy. You can get a free certificate at https://www.dgn.de/dgncert/index.html
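
Why the switch to ldapi:/// resolves the error, as an added example that is not part of the original thread: a simplified Python model of which identity SASL/EXTERNAL can present per URI scheme, checked against the `olcAccess` rule from the quoted LDIF. The function names are hypothetical and the LDIF sample is constructed from the rule quoted above; this models the behaviour and does not talk to slapd.

```python
import re

# Constructed sample: the olcAccess rule from the quoted LDIF, folded the
# way LDIF folds long lines (continuation lines start with one space).
SAMPLE_LDIF = '''dn: olcDatabase=config,cn=config
olcAccess: to * by
  dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
  by * none
'''

def unfold(ldif):
    """Join LDIF continuation lines (newline followed by one space)."""
    return re.sub(r'\n ', '', ldif)

def manage_subjects(ldif):
    """Return every dn.base subject that the ACLs grant 'manage' to."""
    return re.findall(r'by\s+dn\.base="([^"]+)"\s+manage', unfold(ldif))

def external_identity(uri, uid=None, gid=None, client_cert_dn=None):
    """Model the identity the lower layer hands to SASL/EXTERNAL.

    ldapi:// -> peer credentials of the Unix socket (caller's uid/gid)
    ldaps:// -> subject DN of the TLS client certificate, if one is sent
    Returns None when no identity exists; EXTERNAL is then not usable,
    which is the "no mechanism available" case in the thread.
    """
    scheme = uri.split('://', 1)[0].lower()
    if scheme == 'ldapi' and uid is not None and gid is not None:
        return (f'gidNumber={gid}+uidNumber={uid},'
                'cn=peercred,cn=external,cn=auth')
    if scheme == 'ldaps' and client_cert_dn:
        return client_cert_dn
    return None

def can_manage(ldif, uri, **creds):
    """Return (allowed, identity_or_reason) for an EXTERNAL bind."""
    ident = external_identity(uri, **creds)
    if ident is None:
        return False, 'no EXTERNAL identity'
    subjects = [s.lower() for s in manage_subjects(ldif)]
    return ident.lower() in subjects, ident

if __name__ == '__main__':
    print(can_manage(SAMPLE_LDIF, 'ldapi:///', uid=0, gid=0))
    print(can_manage(SAMPLE_LDIF, 'ldaps://ldap25.example.net'))
    print(can_manage(SAMPLE_LDIF, 'ldapi:///', uid=1000, gid=1000))
```

Only root over the local socket matches the ACL; a TLS connection without a client certificate has nothing for EXTERNAL to use, and a non-root local user gets an identity the rule does not list.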
