
Re: Ldap and TLS



On Fri, Nov 07, 2003 at 02:13:27PM +0200, Bart Bekker wrote:

> I have been trying for days now to get LDAP going with TLS, for use with
> Samba, but something keeps on going wrong at the moment I put the TLS
> options in the slapd.conf file.

It would be useful to see the relevant lines from that file.

> In /var/log/messages I see this:

> Nov  7 13:56:15 linux slapd[31289]: daemon: socket() failed errno=97
> (Address family not supported by protocol)

Ignore that - slapd is trying to bind to an IPv6 address.

> Nov  7 13:56:15 linux slapd[31289]: main: TLS init def ctx failed: -1

OK - certainly a TLS problem there.

> I ran strace and got this:

...

> open("/usr/local/etc/openldap/arcos-cert.pem", O_RDONLY) = 7
> fstat64(7, {st_mode=S_IFREG|0644, st_size=513, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0x40016000
> read(7, "-----BEGIN CERTIFICATE REQUEST--"..., 4096) = 513

Now that might be relevant: it looks as if you have given slapd a
Certificate Signing Request where it actually wants a certificate.
Check the contents of the files that you reference in the config file.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
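
The check suggested in the reply above, as an added example that is not part of the original message: it reads the TLS file directives from slapd.conf text and reports any file whose PEM header is not the kind that directive needs. The directive names are the standard slapd.conf ones (the thread does not show the poster's config), and the key path and file bodies are constructed for the demonstration.

```python
import re

# PEM labels each slapd.conf TLS directive should point at.
CERT = {"CERTIFICATE", "X509 CERTIFICATE"}
KEY = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "DSA PRIVATE KEY"}
EXPECTED = {
    "tlscertificatefile": CERT,
    "tlscacertificatefile": CERT,
    "tlscertificatekeyfile": KEY,
}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

def tls_files(conf_text):
    """Yield (directive, path) for each TLS file directive in slapd.conf text."""
    for line in conf_text.splitlines():
        fields = line.split(None, 1)
        # Keywords are case-insensitive; comment lines never match a keyword.
        if len(fields) == 2 and fields[0].lower() in EXPECTED:
            yield fields[0], fields[1].strip().strip('"')

def read_text(path):
    with open(path, encoding="ascii", errors="replace") as fh:
        return fh.read()

def check(conf_text, reader=read_text):
    """Return (directive, path, labels_found) for files of the wrong PEM type."""
    problems = []
    for directive, path in tls_files(conf_text):
        labels = PEM_BEGIN.findall(reader(path))
        # A file passes if at least one PEM block has an acceptable label.
        if not any(label in EXPECTED[directive.lower()] for label in labels):
            problems.append((directive, path, labels))
    return problems

# Constructed sample: the certificate path is the one in the strace output;
# the key path and both file bodies are made up for the demonstration.
SAMPLE_CONF = """\
# TLS settings
TLSCertificateFile    /usr/local/etc/openldap/arcos-cert.pem
TLSCertificateKeyFile /usr/local/etc/openldap/arcos-key.pem
"""
SAMPLE_FILES = {
    "/usr/local/etc/openldap/arcos-cert.pem":
        "-----BEGIN CERTIFICATE REQUEST-----\n(body)\n-----END CERTIFICATE REQUEST-----\n",
    "/usr/local/etc/openldap/arcos-key.pem":
        "-----BEGIN RSA PRIVATE KEY-----\n(body)\n-----END RSA PRIVATE KEY-----\n",
}

if __name__ == "__main__":
    for directive, path, labels in check(SAMPLE_CONF, SAMPLE_FILES.__getitem__):
        print(f"{directive}: {path} contains {labels or 'no PEM block'}")
```

On a real system, call `check(read_text("/path/to/slapd.conf"))` with the path to your own configuration file.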