
Re: Problem accessing via TLS



Are you sure client one (genoa) can get to port 636 on your server? 
Try getting there with a telnet.

On 4/2/06, Robert Fitzpatrick <lists@webtent.net> wrote:
> I posted this a week or more ago, but had to leave town and was not able to follow up.
>
> Don't know what I'm doing wrong with this one server, wondering if
> someone could tell me what I am not thinking of...
>
> I have two clients on the same network trying to connect to an off
> network server using TLS. Running the same command on both is successful
> on one and not on the other. So, I copied the ldap.conf file AND the
> cacert.pem file to the problem client with no help. I tried -ZZ and '-H
> ldaps://servername:636/' options, while these work flawlessly from one
> client, the second cannot connect using the exact same command with the
> exact same CA cert and ldap.conf files. Accessing the ldap server
> without TLS works fine on both clients. Clients are FreeBSD 5.4 and
> FreeBSD 6.0 servers with openldap 2.2.30 client port packages installed.
> If the CA cert and ldap.conf have been tested to work OK, what else
> should I be considering when trying to connect via TLS? I get no issues
> in the debug.log of the server or client machine.
>
> From client one:
> genoa# ldapsearch -xZZ -h directory.webtent.net -b "dc=webtent,dc=net" "(uid=robert)" mail
> ldap_start_tls: Connect error (-11)
> genoa# ldapsearch -x -H ldaps://directory.webtent.net:636/ -b "dc=webtent,dc=net" "(uid=robert)" mail
> ldap_bind: Can't contact LDAP server (-1)
> genoa# ldapsearch -x -h directory.webtent.net -b "dc=webtent,dc=net" "(uid=robert)" mail
> # extended LDIF
> #
> # LDAPv3
> # base <dc=webtent,dc=net> with scope sub
> # filter: (uid=robert)
> # requesting: mail
> #
>
> # Robert Fitzpatrick, People, webtent.net
> dn: cn=Robert Fitzpatrick,ou=People,dc=webtent,dc=net
> mail: robert@webtent.com
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> From client two:
> esmtp# ldapsearch -x -H ldaps://directory.webtent.net:636/ -b "dc=webtent,dc=net" "(uid=robert)" mail
> # extended LDIF
> #
> # LDAPv3
> # base <dc=webtent,dc=net> with scope sub
> # filter: (uid=robert)
> # requesting: mail
> #
>
> # Robert Fitzpatrick, People, webtent.net
> dn: cn=Robert Fitzpatrick,ou=People,dc=webtent,dc=net
> mail: robert@webtent.com
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> --
> Robert
>
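
The check the reply suggests, written out as an added Python example (not code from the thread or from OpenLDAP): it probes the LDAP ports at the TCP layer first, as `telnet host 636` would, and then performs a full TLS handshake verified against a CA file, which is the layer `ldapsearch -H ldaps://...` or `-ZZ` has to get through next. Keeping the two layers apart tells you whether to look at routing and firewalls or at the CA file and `ldap.conf`. The default hostname reuses the one from the post; the default CA path and the argument handling are assumptions for the example only.

```python
#!/usr/bin/env python3
"""Probe an LDAP server's TLS port in two separate layers: plain TCP connect,
then a full TLS handshake verified against a CA file.
Added example for this thread; the default CA path is an assumption."""
import socket
import ssl
import sys

DEFAULT_HOST = "directory.webtent.net"                  # hostname from the thread
DEFAULT_CAFILE = "/usr/local/etc/openldap/cacert.pem"   # assumed path, not from the post


def tcp_probe(host, port, timeout=5.0):
    """Return (ok, layer, detail). Like 'telnet host port', but classifies the
    failure: DNS vs. refused (nothing listening / firewall REJECT) vs. timeout
    (packets dropped somewhere on the path)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "tcp", f"connected to {host}:{port}"
    except socket.gaierror as e:
        return False, "dns", f"cannot resolve {host}: {e}"
    except ConnectionRefusedError:
        return False, "tcp", f"{host}:{port} refused the connection"
    except socket.timeout:
        return False, "tcp", f"{host}:{port} timed out after {timeout}s (filtered?)"
    except OSError as e:
        return False, "tcp", f"{host}:{port} failed: {e}"


def tls_probe(host, port, cafile=None, timeout=5.0):
    """Return (ok, layer, detail) after a verified TLS handshake, the same check
    an ldaps:// client performs before any LDAP traffic is exchanged.
    cafile=None falls back to the system trust store."""
    try:
        ctx = ssl.create_default_context(cafile=cafile)
    except OSError as e:
        # Wrong path or unreadable file: the CA was copied, but the path the
        # client actually reads (e.g. TLS_CACERT in ldap.conf) points elsewhere.
        return False, "ca", f"cannot load CA file {cafile!r}: {e}"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                peer = tls.getpeercert()
                subject = dict(rdn[0] for rdn in peer.get("subject", ()))
                return True, "tls", (f"{tls.version()} handshake ok, "
                                     f"server cert CN={subject.get('commonName')}")
    except ssl.SSLCertVerificationError as e:
        # Chain does not lead to cafile, or the name in the cert does not match host.
        return False, "tls-verify", f"certificate rejected: {e.verify_message}"
    except ssl.SSLError as e:
        return False, "tls", f"handshake failed: {e}"
    except OSError as e:
        # TCP-level problem surfaced while trying TLS; tcp_probe() says why.
        return False, "tcp", f"could not connect: {e}"


def main(argv):
    host = argv[1] if len(argv) > 1 else DEFAULT_HOST
    cafile = argv[2] if len(argv) > 2 else DEFAULT_CAFILE
    results = [
        ("plain LDAP 389, TCP only", tcp_probe(host, 389)),
        ("ldaps 636, TCP only", tcp_probe(host, 636)),
        ("ldaps 636, TLS handshake", tls_probe(host, 636, cafile)),
    ]
    for label, (ok, layer, detail) in results:
        print(f"[{'OK' if ok else 'FAIL'}] {label:26s} layer={layer:10s} {detail}")
    return all(ok for _, (ok, _, _) in results)


if __name__ == "__main__":
    sys.exit(0 if main(sys.argv) else 1)
```

Run it from the failing client as `probe.py directory.webtent.net /path/to/cacert.pem`. If 389 connects but 636 does not at the TCP layer, the problem is on the network path, which is what the reply is asking about; if 636 connects but the handshake is rejected, the TLS layer (CA file, its path, or the name on the server certificate) is where to look, and `ldapsearch -d 1` on the client will show the matching TLS error.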