Hi!
I've got a problem in the configuration of OpenLDAP to manage SSL connections. When I try to test this connection with the ldapadd command, I get the following output:
---------------------------------------------------------------------------------
ldapadd -x -D "cn=Manager,dc=localhost" -W -f init.ldif -H ldaps://localhost
Enter LDAP Password:
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
-----------------------------------------------------------------------------------
The problem is that it doesn't seem to be a domain name or certificate problem; indeed, when I test the connection with the openssl command using the same certificates as the ones in ldap.conf, it seems to be working:
-----------------------------------------------------------------------------------
openssl s_client -connect localhost:636 -state \
    -CAfile /home/certs/cacert.pem \
    -cert /home/certs/ldap.client.cert.pem \
    -key /home/certs/keys/ldap.client.key.pem
I think that it's a problem in the ldap.conf file, but I checked it and did not find any mistake. I attached my ldap.conf and slapd.conf files to this message.
If anyone can see a solution to this problem I'll be really grateful.
Thanks
------slapd.conf-----------------
# CA signed certificate and server cert entries:
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCACertificateFile /usr/local/var/openldap-data/cacert.pem
TLSCertificateFile /usr/local/var/openldap-data/servercrt.pem
TLSCertificateKeyFile /usr/local/var/openldap-data/serverkey.pem
TLSVerifyClient demand
----ldap.conf-------
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
HOST localhost
PORT 636
TLS_CACERT /home/certs/cacert.pem
TLS_REQCERT demand
TLS_CERT /home/certs/ldap.client.cert.pem
TLS_KEY /home/certs/keys/ldap.client.key.pem
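A small triage script for this kind of handshake failure, added here as an example and not part of the original message or of OpenLDAP: it parses an ldap.conf-style file and flags client-side TLS settings that cannot produce the client certificate a server with `TLSVerifyClient demand` requires. The sample config text is constructed from the ldap.conf quoted above; the rule that `TLS_CERT`/`TLS_KEY` are user-only directives (honoured in `~/.ldaprc`, ignored in the system-wide ldap.conf) comes from ldap.conf(5).

```python
"""Triage an OpenLDAP client ldap.conf for settings that lead to an
'sslv3 alert handshake failure' when the server demands a client cert.
Example code for this thread, not from the original poster or OpenLDAP."""

# ldap.conf(5): TLS_CERT and TLS_KEY are user-only options. They are read
# from ~/.ldaprc (or the file named by LDAPRC/LDAPCONF), not from the
# system-wide ldap.conf, so placing them there sends no client certificate.
USER_ONLY = {"TLS_CERT", "TLS_KEY"}

# Constructed sample, based on the ldap.conf quoted in the post above.
SAMPLE_LDAP_CONF = """\
#BASE dc=example, dc=com
HOST localhost
PORT 636
TLS_CACERT /home/certs/cacert.pem
TLS_REQCERT demand
TLS_CERT /home/certs/ldap.client.cert.pem
TLS_KEY /home/certs/keys/ldap.client.key.pem
"""


def parse_ldap_conf(text):
    """Return {OPTION: value} for the non-comment lines of an ldap.conf.
    Option names are case-insensitive; a repeated option keeps the last value
    (this script's choice for triage purposes)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def check_client_tls(opts, system_wide=True):
    """Return a list of findings explaining why the client may fail the
    TLS handshake against a server that verifies client certificates."""
    findings = []
    if system_wide:  # file is /etc/ldap.conf-style, not the user's ~/.ldaprc
        for key in sorted(USER_ONLY & set(opts)):
            findings.append(f"{key}: user-only option, ignored in the "
                            "system-wide ldap.conf; move it to ~/.ldaprc")
    if ("TLS_CERT" in opts) != ("TLS_KEY" in opts):
        findings.append("TLS_CERT and TLS_KEY must both be set for the "
                        "client to present a certificate")
    if (opts.get("TLS_REQCERT", "demand").lower() == "demand"
            and not ({"TLS_CACERT", "TLS_CACERTDIR"} & set(opts))):
        findings.append("TLS_REQCERT demand (the default) but no TLS_CACERT "
                        "or TLS_CACERTDIR: the server cert cannot be verified")
    return findings
```

Run the checker with `system_wide=False` when the file under review is the user's `~/.ldaprc`, where the client certificate directives are honoured.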