[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Windows [ERROR 81] Can't contact LDAP server ???



   I have the same problema than you and I don't know what's happennig. My
server log tells me:

connection_get(10): got connid=1
connection_read(10): checking for input on id=1
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
s23_srvr.c:565
connection_read(10): TLS accept error error=-1 id=1, closing

  It's the same I saw when I tried to use "ldapsearch -h mydomain.com -p 636"
instead "ldapsearch -H ldaps://mydomain.com:636". I think windows is not
using SSL as it should be, but I'm not very sure.

  I will thank any kind of information about it (other than use the netscape
SDK).


On 05 de abr de 2002, a las 10:53 -0500, Frank Swasey wrote:
> I am very confused.  I have set up an openldap 2.0.11 server on RedHat
> 7.2 and have just stumbled on this problem.
> 
> My windows clients (Outlook, Softerra LDAP Browser 2.2) are able to
> connect to and use the LDAP server unless I configure them to use SSL.
> I am able to use SSL from another RedHat (7.1) system with ldapsearch.
> 
> Running slapd with the -d -1 parameter, I can see that the RedHat client
> continues the SSL negotiation after being asked for a certificate (does
> a key exchange) but it appears the Windows clients just close the
> connection and throw the ERROR 81 message at the user when requested to
> send their certificate for SSLv3...
> 
> Is there any change I can make to either the windows clients or the
> server to allow this SSL negotiation to work?
> 
> Here's the TLS entries from my slapd.conf:
> 
> TLSCertificateFile	/usr/share/ssl/certs/ldap.pem
> TLSCertificateKeyFile	/usr/share/ssl/certs/ldap.key
> TLSCACertificateFile	/usr/share/ssl/certs/ldap.pem
> 
> The ldap.pem and ldap.key files were generated with the command:
> 
> openssl req -new -x509 -nodes -out ldap.pem -keyout ldap.key -days 365
> 
> Before you ask why not 2.0.23, 2.0.11 was the last release that the
> cn=Monitor patch will work against -- I am told I need that to get
> Steltor's corporate time calendar product working (at least until
> version 6 is released) with OpenLDAP.
> 
> Thanks,
> -- 
> Frank Swasey                    | http://www.uvm.edu/~fcs
> Systems Programmer              | Always remember: You are UNIQUE,
> University of Vermont           |    just like everyone else.
>                     === God Bless Us All ===
> 

-- 
                                               Guillermo.
-----------------------------------------------------------
  ()  ascii ribbon campaign - against html mail 
  /\                        - against microsoft attachments
-----------------------------------------------------------