Environment
NetIQ eDirectory
NetIQ iManager
Situation
How to configure LDAP to allow simple binds.
Unable to perform LDAP search or connect to the LDAP server.
The following error is displayed while performing an LDAP search over port 389:
- ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
- ldap_bind: Confidentiality required (13)
- ldap_sasl_interactive_bind_s: Confidentiality required (13)
Resolution
How to disable Require TLS for All Operations and Require TLS for simple binds with password:
-
Reconfigure the LDAP server, please select from one of the following options:
-
(Option A) iManager:
-
Login as an Administrator to the TREE.
Note: Any change in iManager should automatically refresh the LDAP server. -
Uncheck Require TLS for Simple Binds with Password:
-
From the left column Roles and Tasks, select LDAP | LDAP Options
-
Select the LDAP Group object from the list
-
Uncheck Require TLS for Simple Binds with Password and select Apply
-
Select LDAP Options from the left Roles and Tasks, LDAP section
-
-
Uncheck Require TLS for all operations:
-
Select View LDAP Servers
-
Select the LDAP Server object
-
Select the Connections tab
-
If checked, uncheck Require TLS for all operations
-
Select Apply
-
-
(Option B - Linux only) From a terminal window on the LDAP server, enter the following:
-
ldapconfig set "ldapTLSRequired=no"
-
ldapconfig set "Require TLS for Simple Binds with Password=no"
Note: The above restarts ldap automatically, the change will be picked up.
To verify, check with the following command: ldapconfig get
-
-
If the error continues, then restart the ldap service manually from a terminal window after making the above changes:
nldap -u; nldap -l
Additional Information
Use the following command to test the LDAP server's response with a simple bind over port 389:
ldapsearch -x -h <ldapServerAddress> -D <adminFDN> -W
(ie. ldapsearch -x -h 151.155.215.91 -D cn=admin,o=novell -W)