This article is useful for administrators who use eDirectory as their LDAP server. Those who are new to LDAP frequently run into the following error when they bind over the clear-text port (389 by default):
ldap_bind: Confidentiality required (13)
The reason is that the 'Require TLS for all operations' parameter on the LDAP Server object is set (together with 'Require TLS for Simple Binds with Password' on the LDAP Group object), so the server refuses operations, including simple binds that carry a password, over a connection that is not protected by TLS.
These parameters can be modified either through the ldapconfig utility (which is bundled with eDirectory) or through iManager.
Through 'ldapconfig':
- Run 'ldapconfig get' with the necessary options to check the status of those parameters.
In the output, the parameters 'ldapTLSRequired' (covering all LDAP operations) and 'Require TLS for Simple Binds with Password' (covering LDAP simple binds only) are set to 'yes'. These are the default values, and they are the recommended values from a security standpoint.
For testing purposes, if LDAP operations need to proceed over the clear-text channel, these options must be unset as follows:
- Unset the 'ldapTLSRequired' option and the 'Require TLS for Simple Binds with Password' option (ldapconfig's 'set' form changes a parameter the same way 'get' reads it).
- Run 'ldapconfig get' again to verify that both options are now unset.
The parameters 'ldapTLSRequired' and 'Require TLS for Simple Binds with Password' should now read 'no'.
- LDAP operations over the clear-text channel can now proceed. Set both parameters back to 'yes' once testing is finished, because clear-text binds expose passwords on the wire.
Through iManager:
The same settings can be changed through iManager as follows:
- Log in to the tree through iManager.
- Go to the 'Directory Administration' tab and then to 'Modify Object'.
- Select the LDAP Server object through the object browser and click 'OK'.
- The 'Require TLS for all operations' check box is checked.
- Un-check that check box and click 'OK'.
- Go back to 'Directory Administration' -> 'Modify Object', select the LDAP Group object through the object browser and click 'OK'.
- The 'Require TLS for Simple Binds with Password' option is enabled.
- Un-check it and click 'Apply' or 'OK'.
- LDAP operations over the clear-text channel can now proceed. As with the ldapconfig route, re-enable both options once testing is finished.
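As an added example (not part of the original article, and not an eDirectory tool), here is a small POSIX shell script that performs the two checks an administrator wants after following either procedure above: it parses the output of 'ldapconfig get' to confirm whether both TLS-required parameters are still 'yes', and it probes the clear-text port with the OpenLDAP ldapsearch client, treating exit status 13 ('Confidentiality required') as the desired, secure outcome. The 'Name: value' output format assumed for ldapconfig, the constructed sample lines, and the host/credential arguments are assumptions for illustration; adjust the parser if your eDirectory version prints the parameters differently.

```shell
#!/bin/sh
# Added example: audit whether an eDirectory LDAP server still requires TLS and
# probe the clear-text port for the "Confidentiality required (13)" result.
#
# ASSUMPTION: 'ldapconfig get' prints one "Name: value" line per parameter. The
# sample below is constructed for this example and mirrors the parameter names
# quoted in the article; it stands in for a real 'ldapconfig get' run.
SAMPLE_OUTPUT='ldapTLSRequired: yes
Require TLS for Simple Binds with Password: yes
LDAP TCP Port: 389
LDAP TLS Port: 636'

# tls_state NAME OUTPUT -> prints the value of parameter NAME, lower-cased
# (empty output if the parameter is absent).
tls_state() {
    printf '%s\n' "$2" | awk -F': ' -v key="$1" '$1 == key { print tolower($2); exit }'
}

# audit_tls OUTPUT -> exit 0 when BOTH TLS-required settings are "yes" (the
# secure default); exit 1 when either has been unset, i.e. the server would
# accept clear-text operations and clear-text simple binds.
audit_tls() {
    all_ops=$(tls_state "ldapTLSRequired" "$1")
    simple=$(tls_state "Require TLS for Simple Binds with Password" "$1")
    [ "$all_ops" = "yes" ] && [ "$simple" = "yes" ]
}

# probe_cleartext HOST BINDDN PASSWORD -> exit 0 if the server REJECTS a
# clear-text simple bind on port 389. OpenLDAP client tools exit with the LDAP
# result code, so "Confidentiality required" shows up as exit status 13.
# Exit 1 means the bind succeeded and the password crossed the wire unencrypted.
# Needs a reachable server and the OpenLDAP ldapsearch client; not run offline.
probe_cleartext() {
    ldapsearch -x -H "ldap://$1:389" -D "$2" -w "$3" -b "" -s base >/dev/null 2>&1
    rc=$?
    case $rc in
        13) echo "OK: $1 refuses clear-text binds (Confidentiality required)"; return 0 ;;
        0)  echo "WEAK: $1 accepted a clear-text simple bind on 389"; return 1 ;;
        *)  echo "ldapsearch failed with exit status $rc (network or credentials?)"; return 2 ;;
    esac
}

# When run directly: audit the constructed sample, then optionally probe a host
# given as "host binddn password" on the command line.
if audit_tls "$SAMPLE_OUTPUT"; then
    echo "TLS is required for all operations and for simple binds"
else
    echo "WARNING: clear-text LDAP operations are allowed; re-enable TLS after testing"
fi
if [ $# -eq 3 ]; then
    probe_cleartext "$1" "$2" "$3"
fi
```

Feed the script the real 'ldapconfig get' output (for example by replacing SAMPLE_OUTPUT with a command substitution) to turn it into a post-test check that both parameters have been restored; the probe function is the quickest way to confirm from the client side that port 389 once again answers a simple bind with result code 13.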
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.
User Comments
Configuring the LDAP TLS Required Option
Submitted by jimgoodall on 8 October 2009 - 2:49am.
Whilst this is fine for troubleshooting / debug, I'd suggest you would not want to do this in a live environment, as passwords are passed in clear text over the wire and are easily readable using a tool such as Wireshark.
I would suggest in a live environment, certificates should be set up correctly and binds made securely on port 636.
TID 7002343 is a good starting place ;)
Cheers
Jim