Re: [EXT] RE: ldap proxy

Quanah Gibson-Mount Wed, 26 Feb 2025 16:41:03 -0800

--On Wednesday, February 26, 2025 4:38 PM -0800 Quanah Gibson-Mount<[email protected]> wrote:

--On Wednesday, February 26, 2025 4:30 PM -0800 Quanah Gibson-Mount
<[email protected]> wrote:

You told it to use simple binds, not SASL.


Here's an example ldapsearch using a SASL/EXTERNAL bind setting all
parameters via the command line.

ldapsearch -Y EXTERNAL -o tls_cacert=/etc/ssl/certs/myca.pem -o
tls_cert=/home/joe/mycert.pem -o tls_key=/home/joe/mycert.key -H
ldaps://host.domain.com

OR if using starttls:

ldapsearch -ZZ -Y EXTERNAL -o tls_cacert=/etc/ssl/certs/myca.pem -o
tls_cert=/home/joe/mycert.pem -o tls_key=/home/joe/mycert.key -H
ldap://host.domain.com



Also:

method=128 is a simple bind


method=163 is a SASL/EXTERNAL bind

--Quanah

Re: [EXT] RE: ldap proxy

Reply via email to