
Re: Can't contact LDAP server



If I don't declare the host and port

/usr/local/bin/ldapsearch -d 9 -x -ZZ -b 'dc=qwestip,dc=net' '(objectclass=*)'

I get the real error message

[....]
ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 19, subject: /C=US/ST=VA/L=Arlington/O=Qwest Communications/OU=IPNNS/CN=Systems/emailAddress=systems@qwestip.net, issuer: /C=US/ST=VA/L=Arlington/O=Qwest Communications/OU=IPNNS/CN=Systems/emailAddress=systems@qwestip.net
TLS certificate verification: Error, self signed certificate in certificate chain
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect.
ldap_perror
ldap_start_tls: Connect error (91)
        additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

This is my first time trying to use Secure LDAP

Any help with this is greatly appreciated

-- 
Asif Iqbal
http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x8B686E08
There's no place like 127.0.0.1

On Thu, 6 Nov 2003, Asif Iqbal wrote:

> Hi All
>
> I finally got my secure openldap installed per
> http://www.bolthole.com/solaris/LDAP.html by Philip Brown.
>
> Thanks a lot to him.
>
> However, now I am getting an error while trying to search against secure ldap.
> Here is the debug output
>
> (root)@scrub:~# /usr/local/bin/ldapsearch -d 9 -h scrub -p 636 -x -ZZ -b 'dc=qwestip,dc=net' '(objectclass=*)'
>
> ldap_create
> ldap_extended_operation_s
> ldap_extended_operation
> ldap_send_initial_request
> ldap_new_connection
> ldap_int_open_connection
> ldap_connect_to_host: TCP scrub:636
> ldap_new_socket: 4
> ldap_prepare_socket: 4
> ldap_connect_to_host: Trying 208.47.0.94:636
> ldap_connect_timeout: fd: 4 tm: -1 async: 0
> ldap_ndelay_on: 4
> ldap_ndelay_off: 4
> ldap_open_defconn: successful
> ldap_send_server_request
> ber_flush: 31 bytes to sd 4
> ldap_result msgid 1
> ldap_chkResponseList for msgid=1, all=1
> ldap_chkResponseList returns NULL
> wait4msg (infinite timeout), msgid 1
> wait4msg continue, msgid 1, all 1
> ** Connections:
> * host: scrub  port: 636  (default)
>   refcnt: 2  status: Connected
>   last used: Thu Nov  6 22:18:58 2003
>
> ** Outstanding Requests:
>  * msgid 1,  origid 1, status InProgress
>    outstanding referrals 0, parent count 0
> ** Response Queue:
>    Empty
> ldap_chkResponseList for msgid=1, all=1
> ldap_chkResponseList returns NULL
> ldap_int_select
> read1msg: msgid 1, all 1
> ber_get_next
> ber_get_next failed.
> ldap_perror
> ldap_start_tls: Can't contact LDAP server (81)
>
>
> I am still a newbie with ldap. Could anyone help me figure out why ldapsearch
> could not contact the server?
>
> Thanks to all for your support again
>