How to configure LDAP to allow simple binds

This document (7013279) is provided subject to the disclaimer at the end of this document.

Environment

NetIQ eDirectory
NetIQ iManager

Situation

How to configure LDAP to allow simple binds.
Unable to perform LDAP search or connect to the LDAP server.
The following error is displayed while performing an LDAP search over port 389:
  • ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
  • ldap_bind: Confidentiality required (13)
  • ldap_sasl_interactive_bind_s: Confidentiality required (13)

Resolution

How to disable Require TLS for All Operations and Require TLS for simple binds with password:

  1. Reconfigure the LDAP server using one of the following options:
    • (Option A) iManager:
      • Log in to the tree as an Administrator.
        Note: Any change in iManager should automatically refresh the LDAP server.
      • Uncheck Require TLS for Simple Binds with Password:
        • From the left column Roles and Tasks, select LDAP | LDAP Options
        • Select the LDAP Group object from the list
        • Uncheck Require TLS for Simple Binds with Password and select Apply
        • Select LDAP Options from the left Roles and Tasks, LDAP section
      • Uncheck Require TLS for all operations:
        • Select View LDAP Servers
        • Select the LDAP Server object
        • Select the Connections tab
        • If checked, uncheck Require TLS for all operations
        • Select Apply
    • (Option B) From a terminal window on the LDAP server, enter the following:
      • ldapconfig set "ldapTLSRequired=no"
      • ldapconfig set "Require TLS for Simple Binds with Password=no"
        Note: The above restarts LDAP automatically, so the change will be picked up.
        To verify, check with the following command: ldapconfig get
  2. If the error continues, then restart the ldap service manually from a terminal window after making the above changes:
    nldap -u; nldap -l
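
To check the result of either option, the following added example (not part of the original document and not a NetIQ tool) reads `ldapconfig get` output and reports whether simple binds on port 389 are now accepted without TLS, in which case the bind password crosses the network unencrypted. It assumes each setting is printed on its own line as `name: value` or `name=value`; the function names and the sample text are constructed.

```shell
#!/bin/sh
# Added example. Assumption: `ldapconfig get` prints each setting on its own
# line as "name: value" or "name=value". Typical use on the LDAP server:
#   ldapconfig get | ldap_bind_policy

# Print the value of one setting (trimmed, lower-cased), or "unknown" if absent.
# $1 = setting name; stdin = configuration text.
ldap_setting() {
    awk -v want="$1" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = length(want)
            if (tolower(substr(line, 1, n)) != tolower(want)) next
            rest = substr(line, n + 1)
            if (rest !~ /^[ \t]*[:=]/) next   # name must be followed by : or =
            sub(/^[ \t]*[:=][ \t]*/, "", rest)
            sub(/[ \t\r]+$/, "", rest)
            val = tolower(rest); found = 1
        }
        END { print (found ? val : "unknown") }'
}

# Classify what the server accepts on the cleartext port (389).
ldap_bind_policy() {
    cfg=$(cat)
    all=$(printf '%s\n' "$cfg" | ldap_setting "ldapTLSRequired")
    simple=$(printf '%s\n' "$cfg" |
        ldap_setting "Require TLS for Simple Binds with Password")
    case "$all/$simple" in
        yes/*)  echo "tls-required-all-operations" ;;
        no/yes) echo "tls-required-simple-bind" ;;
        no/no)  echo "cleartext-simple-bind-allowed" ;;
        *)      echo "unknown" ;;
    esac
}

# Constructed sample (not captured from a real server): state after the change.
SAMPLE='LDAP Server: CN=LDAP Server - srv1.O=novell
ldapTLSRequired: no
Require TLS for Simple Binds with Password: no'

printf '%s\n' "$SAMPLE" | ldap_bind_policy
```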

Additional Information

Use the following command to test the LDAP server's response with a simple bind over port 389:
ldapsearch -x -h <ldapServerAddress> -D <adminFDN> -W
(e.g. ldapsearch -x -h 151.155.215.91 -D cn=admin,o=novell -W)

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7013279
  • Creation Date: 12-SEP-13
  • Modified Date: 05-DEC-13
    • NetIQ eDirectory
    • iManager