
Re: ldaps: not working, RH7.2,OpenLDAP 2.0.21



On Wednesday 30 January 2002 16:34, Carl J Meyer wrote:
| I've compiled my own OpenLDAP 2.0.21 on RedHat 7.2 with the RPM version of
| OpenSSL-0.9.6b-8.  I can connect to LDAP just fine using the Start_TLS
| method (i.e. with -ZZ on the commandline of ldapsearch, connecting to port
| 389), but I cannot connect to ldaps: (port 636) at all - it simply
| says "Can't contact LDAP server" and nothing shows up in the logs.
|  Telnetting to port 636 shows that there is simply
| no service running there - the connection is refused.
|
| The only error I get when slapd starts up is "socket() failed errno=97
| (Address family not supported by protocol)".  For a while I thought
| that was the problem, but I found in the FAQ that that error is just
| from not having IPv6 in my kernel and it shouldn't be related.
|
| I don't have a firewall running AFAIK (unless it's something funky that
| RedHat does) - no ipchains anywhere, and I compiled my own
| kernel without netfilter.
|
| The reason I need ldaps:// instead of just Start_TLS is that I need to use
| LDAP with PHP4, which as far as I can tell only supports the ldaps://
| method. If anyone knows of a way to make PHP do Start_TLS then I can be
| satisfied without ldaps://.
|

Starttls should work in PHP 4.0.6 according to Stig's comment:

ID: 13278
Updated by: venaas
Reported By: kuenne@rentec.com
Old Status: Open
Status: Closed
Bug Type: LDAP related
Operating System: Solaris 7
PHP Version: 4.0.6
Assigned To: venaas
New Comment:

I have now added only the ldap_start_tls() function
and it seems to work. To use it you must do something
like:

$ds = ldap_connect($host);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);  // StartTLS is an LDAPv3 extended op
ldap_start_tls($ds);                                 // upgrade to TLS before sending credentials
ldap_bind($ds, $dn, $pwd);

It is essential to use LDAPv3 and v2 is default.

| If it matters, here was my configure line for openLDAP:
|
| ./configure --prefix=/usr/local --enable-syslog --enable-cache \
| --with-cyrus-sasl --with-tls --enable-wrappers --with-ldbm
|
| I don't think TCP wrappers should be causing any problem, because connects
| work fine on port 389.  I've also tried both starting slapd without the -h
| option, and starting it with "-h ldap:/// ldaps:///".
|
| Anyone have any ideas why slapd isn't accepting connections on port 636?
|  TIA for any help...
|
| Carl

-- 
Karsten.

"Things should be made as simple as possible, but not any simpler."
  -Albert Einstein
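A fuller version of the StartTLS sequence from Stig's comment, added here as an example and not code from the thread or from the PHP project. It is written for a current PHP build with the ldap extension rather than the PHP 4.0.6 of the thread; the hostname, base DN, bind DN and password are placeholders. The point it adds to the snippet above is that ldap_start_tls() can fail, and a client that ignores the return value goes on to bind in cleartext on port 389, which is exactly what using TLS was meant to prevent. The LDAP_OPT_X_TLS_REQUIRE_CERT option is guarded with defined() because older PHP builds do not expose it and instead inherit TLS_REQCERT from ldap.conf.

```php
<?php
// Added example: StartTLS on port 389 from PHP, failing closed if the
// TLS upgrade does not succeed. All names below are placeholders.

function ldap_connect_starttls($host, $bindDn, $password)
{
    // ldap_connect() does not open a socket; it only records the URI.
    $ds = ldap_connect("ldap://{$host}:389");
    if ($ds === false) {
        throw new RuntimeException("invalid LDAP URI for {$host}");
    }

    // StartTLS is an LDAPv3 extended operation; PHP defaults to v2.
    if (!ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        throw new RuntimeException('cannot select LDAPv3: ' . ldap_error($ds));
    }
    // Do not chase referrals over a connection we have not yet secured.
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // Require a verifiable server certificate where the build supports it;
    // otherwise the TLS_REQCERT setting from ldap.conf applies.
    if (defined('LDAP_OPT_X_TLS_REQUIRE_CERT')) {
        ldap_set_option($ds, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);
    }

    // Upgrade the cleartext connection. On failure, close the handle and
    // abort instead of binding in the clear, which a silent fallback would do.
    if (!@ldap_start_tls($ds)) {
        $err = ldap_error($ds);
        ldap_unbind($ds);
        throw new RuntimeException("StartTLS refused, not sending credentials: {$err}");
    }

    // Only now does the password leave the client, and only over TLS.
    if (!@ldap_bind($ds, $bindDn, $password)) {
        $err = ldap_error($ds);
        ldap_unbind($ds);
        throw new RuntimeException("bind failed: {$err}");
    }
    return $ds;
}

// Usage with placeholder values (assumed, not from the thread).
try {
    $ds  = ldap_connect_starttls('ldap.example.com', 'cn=admin,dc=example,dc=com', 'secret');
    $res = ldap_search($ds, 'dc=example,dc=com', '(objectClass=*)', ['dn'], 0, 1);
    echo 'StartTLS bind OK, ' . ldap_count_entries($ds, $res) . " entry returned\n";
    ldap_unbind($ds);
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```

The same shape applies to any client library: select v3, issue StartTLS, check its result, and only then bind. A quick way to confirm the server side before blaming PHP is ldapsearch with -ZZ (the doubled Z makes ldapsearch itself fail hard if StartTLS cannot be negotiated), which is the check Carl already reports as working.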