This article is useful for administrators who use eDirectory as their LDAP Server. Those who are new to LDAP would have been facing this error frequently, when they go via the clear text port:
ldap_bind: Confidentiality required (13)
as shown below.
The reason for this is that the configuration parameter related to the ‘Require TLS for operations’ in the ldap server object is set.
This parameter can be modified either through the ldapconfig utility (that gets bundled with eDirectory) or through iManager.
- Run ‘ldapconfig get’ with the necessary options to check the status of those parameters.
Here it can be seen that the parameters ‘ldapTLSRequired’ (for all the ldap operations) and ‘Require TLS for Simple Binds with Password’ (for ldap simple binds alone) are set to yes. These are the default values and are the recommended values from the security purpose.
For testing purposes, if the ldap operations need to proceed over the clear text channel, then these options need to be unset as follows.
- Unset the ‘ldapTLSRequired’ option and the ‘Require TLS for Simple Binds with Password’ option.
- Now run the ‘ldapconfig get’ again to verify that these options are properly unset.
Note that the parameters ‘ldapTLSRequired’ (for all the ldap operations) and ‘Require TLS for Simple Binds with Password’ (for ldap simple binds alone) are set to ‘NO’ now.
- Now ldap operations over the clear text layer can be proceeded.
The same thing can be configured through iManager as well as follows:
- Login to the tree through iManager.
- Go to the Directory administration tab and then to the modify object tab.
- Select the LDAP Server object through the object browser and click ok.
- Now it can be seen that the ‘Require TLS for all operations’ check box is checked.
- Un-check that check box and click ‘ok’.
- Again go back to the Directory Administration->Modify Object tab and select the LDAP group object through the object browser and click ‘OK’.
- You can see that “Require TLS for Simple Binds with Password” option is enabled.
- Un-check that and click Apply/OK.
- Now ldap operations over the clear text layer can proceed.