Use a free LDAP server with Address Book
Authored by: meitar on Apr 30, '08 12:07:45AM
This sounds utterly awesome, but I can't seem to get it to work in Mac OS X 10.5.2. I tried using the command line ldapsearch tool but that didn't work either. Specifically, I'm using Address Book.app at Version 4.1 (687.1). Here are the settings I've used in the LDAP preferences:

Name: FreeLDAP.org Tests
Server: ds1.us.freeldap.org
Port: 636 (though I also tried to use 389)
Use SSL: Checked (though I also tried unchecked—both port combinations)
Allow self-signed certificates: Checked (though I also tried unchecked—both port combinations)
Search Base: o=entic.net
Scope: Subtree
Authentication: Simple
User name: uid=myusername, ou=People, o=entic.net
Password: my password

It's a no-go. The command line gives me error output like this:
SASL/EXTERNAL authentication started
ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
	additional info: SASL(-4): no mechanism available: 
or like this if I try to use SSL (with the -Z flag to ldapsearch):
ldap_start_tls: Connect error (-11)
	additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
What might be wrong, or is FreeLDAP.org simply not compatible with Mac OS X 10.5.x Leopard?

---
-Meitar Moscovitz
Professional: http://MeitarMoscovitz.com/
Personal: http://maymay.net/


Use a free LDAP server with Address Book
Authored by: kholburn on May 03, '08 05:16:43AM
You need to get the certificate and import it into Keychain Access and tell Keychain Access to accept it. This technique will only work for SSL ports. For TLS it won't work.

If necessary, run this command in Terminal, substituting the DNS name of your server for "host" and the port for 636 if it differs:
openssl s_client -connect "host:636" -showcerts
If you get a bunch of text, copy and paste the parts from the
-----BEGIN CERTIFICATE-----
until and including the
-----END CERTIFICATE-----
into a file called host.cert. Double-clicking on host.cert should open Keychain Access and allow you to accept the certificate.

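The copy-and-paste steps in the comment above, scripted as an added example that is not part of the original post: it saves every certificate that `-showcerts` prints and shows each one's subject, issuer, validity dates and SHA-256 fingerprint, so the fingerprint can be compared with one obtained from the server's operator before the file is accepted in Keychain Access. The function names and the `host.cert-N.pem` file naming are assumptions made for this example.

```shell
#!/bin/sh
# Added example: function names and output file naming are hypothetical.

# Read `openssl s_client -showcerts` output on stdin, write each certificate
# to PREFIX-N.pem (N = 1 is the server's own certificate, higher numbers are
# the rest of the chain it sent), and print how many were found.
extract_certs() {
    awk -v prefix="$1" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = prefix "-" n ".pem"; inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END                           { print n + 0 }
    '
}

# Connect to host $1 on port $2 and print the handshake transcript.
# Reading from /dev/null closes the session once the handshake is done.
fetch_chain() {
    openssl s_client -connect "$1:$2" -showcerts </dev/null 2>/dev/null
}

# Print the fields worth checking before trusting the certificate in file $1.
describe_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -dates -fingerprint -sha256
}

# Usage: sh fetch-cert.sh host [port]   (port defaults to 636, as in the comment)
if [ "$#" -ge 1 ]; then
    host=$1
    port=${2:-636}
    count=$(fetch_chain "$host" "$port" | extract_certs "$host.cert")
    if [ "$count" -eq 0 ]; then
        echo "no certificate received from $host:$port" >&2
        exit 1
    fi
    i=1
    while [ "$i" -le "$count" ]; do
        echo "== $host.cert-$i.pem"
        describe_cert "$host.cert-$i.pem"
        i=$((i + 1))
    done
fi
```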