ldapsearch to search DS with SSL enabled
By gc on Sep 04, 2007
Normally, you have no problem running ldapsearch against a directory server without SSL enabled. Any version of ldapsearch will do; even the default one on a Solaris system works. However, if the directory server instance runs on a secure port, you might run into a lot of trouble.
When you use the default /bin/ldapsearch, it reads the certificate from cert7.db, and against a JES5 target DS you mostly get the error "ldap_simple_bind: Can't contact LDAP server". In the LDAP access log, the error is "B4 - Server failed to flush BER data back to client".
It is better to use the ldapsearch command that comes with DS6.0, /opt/SUNWdsee/dsee6/bin/ldapsearch, and pass the cert8.db of the target DS itself as the argument of the -P option. For example, /opt/SUNWdsee/dsee6/bin/ldapsearch -h
Of course, you have to run the above on the machine where the DS is installed. If you need to run it on a different machine, the easiest way is to copy/ftp the files cert8.db and key3.db used by the DS to the remote client machine. I could use the ldapsearch that comes with JES4 in this way. For example,
cp /var/opt/SUNWdsee/dsins2/alias/slapd-*.db /tmp/.
"cn=directory manager" -w password -P /tmp/slapd-cert8.db -b "dc=com" -Z "uid=*".
If you get the error "ld.so.1: ldapsearch: fatal: libldap50.so: open failed: No such file or directory", you need to run "setenv LD_LIBRARY_PATH /usr/lib/mps:$LD_LIBRARY_PATH".
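The steps above as sh functions with preflight checks; this is an added example, not part of the original post. It rejects a cert7.db passed to -P, refuses to run while the copied key3.db (which holds the server's private keys) is readable by other users, and applies the LD_LIBRARY_PATH fix in sh rather than csh. The host, port and the BINDPW variable are assumptions; paths and ldapsearch options are the ones used in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Host, port and the BINDPW
# variable are assumptions; paths and options follow the post.
LDAPSEARCH=${LDAPSEARCH:-/opt/SUNWdsee/dsee6/bin/ldapsearch}
MPS_LIB=${MPS_LIB:-/usr/lib/mps}

# Succeed only if $1 is a readable cert8.db (the file the post passes to -P).
check_certdb() {
    case "$1" in
        *cert8.db) [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; } ;;
        *cert7.db) echo "$1: cert7.db is what /bin/ldapsearch reads; pass cert8.db" >&2
                   return 1 ;;
        *) echo "$1: expected a cert8.db file" >&2; return 1 ;;
    esac
}

# key3.db holds the server's private keys. Succeed (exit 0) if the copy
# sitting next to the given cert8.db is readable by group or others.
keydb_exposed() {
    keydb=${1%cert8.db}key3.db
    [ -f "$keydb" ] || return 1
    [ -n "$(find "$keydb" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Prepend MPS_LIB to LD_LIBRARY_PATH unless it is already listed
# (the sh equivalent of the post's setenv fix for libldap50.so).
ensure_lib_path() {
    case ":${LD_LIBRARY_PATH:-}:" in
        *":$MPS_LIB:"*) ;;
        *) LD_LIBRARY_PATH=$MPS_LIB${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} ;;
    esac
    export LD_LIBRARY_PATH
}

# Usage: ssl_search HOST PORT CERTDB BASE FILTER   (bind password in $BINDPW)
ssl_search() {
    check_certdb "$3" || return 1
    if keydb_exposed "$3"; then
        echo "private key database beside $3 is readable by other users" >&2
        return 1
    fi
    ensure_lib_path
    "$LDAPSEARCH" -h "$1" -p "$2" -D "cn=directory manager" -w "$BINDPW" \
        -P "$3" -b "$4" -Z "$5"
}
```

With the databases copied as in the post, a call would look like `ssl_search ds.example.com 636 /tmp/slapd-cert8.db "dc=com" "uid=*"`, where the host and port are placeholders.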