
Re: Problem with connecting via SSL from remote host
Do you have something similar to

# TLS
TLSCertificateFile /usr/local/openldap/cert/ldap.cert.pem
TLSCertificateKeyFile /usr/local/openldap/cert/ldap.cert.key
TLSCACertificateFile /etc/ssl/certs/ca-cert.pem
TLSVerifyClient never


in your slapd.conf?

suomi

Alex Page wrote:

I've set up an LDAP server which I'm currently only using for NIS and
PAM. I'm trying to get a second machine on the same LAN to talk to it,
and while everything is working fine over normal LDAP, I get an error
with LDAPS.

$ ldapsearch -H ldap://halcyon.ox.icnet.uk/ -D 'cn=admin,dc=ox,dc=icnet,dc=uk' -x -W

works fine on the local host and on the remote host, but

$ ldapsearch -H ldaps://halcyon.ox.icnet.uk/ -D 'cn=admin,dc=ox,dc=icnet,dc=uk' -x -W

gives me the error "ldap_bind: Can't contact LDAP server" on the remote
host. Now, I've checked on the list archives and Google to see what
might be wrong, and I'm sure that (a) I'm using the FQDN of the LDAP
server for the SSL certificate, and that (b) there are no issues with
hosts.allow or hosts.deny which would prevent a connection being made.

Indeed, debugging the call makes it look like there is a connection
being established, judging by the following lines:

** Connections:
* host: halcyon.ox.icnet.uk  port: 636  (default)
 refcnt: 2  status: Connected
 last used: Mon Oct 20 10:28:41 2003

However, after this, I get the following:

ber_get_next
ldap_perror
ldap_bind: Can't contact LDAP server

I've attached a fuller version of this output in case it's handy. Can
anybody help me with this?

Alex


------------------------------------------------------------------------

$ ldapsearch -H ldaps://halcyon.ox.icnet.uk/ -D 'cn=admin,dc=ox,dc=icnet,dc=uk' -x -W -d 69
ldap_create
ldap_url_parse_ext(ldaps://halcyon.ox.icnet.uk/)
Enter LDAP Password: ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: halcyon.ox.icnet.uk
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 143.65.27.48:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_int_sasl_open: host=halcyon.ox.icnet.uk
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 43 bytes to sd 3
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: halcyon.ox.icnet.uk port: 636 (default)
refcnt: 2 status: Connected
last used: Mon Oct 20 10:28:41 2003


** Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
** Response Queue:
Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid 1, all 1
ber_get_next
ldap_perror
ldap_bind: Can't contact LDAP server
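The debug output above shows the TCP connection to port 636 succeed ("status: Connected") and the very first read fail, which is what "Can't contact LDAP server" looks like when the listener is there but no TLS session is ever established. The probe below, an added example that is not part of this thread, separates those stages; the function names, the constructed plain-TCP listener that stands in for a slapd without a TLS configuration, and the `cafile` parameter are all assumptions of the example, not OpenLDAP API.

```python
import socket
import ssl
import threading

def start_plain_listener() -> int:
    """Constructed stand-in for a slapd that accepts on its LDAPS port but never
    starts TLS there: it takes one connection, reads the client's first bytes (the
    ClientHello) and answers with something that is not a TLS record."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        srv.close()                      # one connection only; later probes get refused
        with conn:
            conn.settimeout(3)
            try:
                conn.recv(4096)
                conn.sendall(b"not a TLS record\n")
            except OSError:
                pass

    threading.Thread(target=serve, daemon=True).start()
    return port

def probe_ldaps(host: str, port: int = 636, cafile=None, timeout: float = 3.0) -> str:
    """Split "ldap_bind: Can't contact LDAP server" into the stages it hides:
    'unreachable' (no TCP listener), 'not_tls' (TCP connects, no TLS handshake),
    'cert_rejected' (TLS works, certificate/CA/hostname fails) or 'tls_ok'."""
    ctx = ssl.create_default_context(cafile=cafile)   # cafile: the CA that signed the server cert
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:   # handshake happens here
            tls.getpeercert()
            return "tls_ok"
    except ssl.SSLCertVerificationError:
        return "cert_rejected"
    except (ssl.SSLError, OSError):       # non-TLS reply, EOF, reset or timeout
        return "not_tls"
    finally:
        raw.close()
```

Against the real server, `probe_ldaps("halcyon.ox.icnet.uk", 636, cafile="/etc/ssl/certs/ca-cert.pem")` tells you whether the remote host is seeing "not_tls" (slapd is not listening with ldaps:// on that port) or "cert_rejected" (the CA or FQDN in the certificate does not match), which the ldapsearch error alone does not.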