[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4144) Strange problem in client libs with SSL connect

Is this a failing RE23 client? (I'm not familiar with web2ldap; this could
be a lot easier to understand if this was reproduced solely using OpenLDAP
software e.g. ldapsearch(1)). Regardless, the TLS connection (and, as you
say, the CA configuration) to SunONE appears capable of working at least
some of the time; otherwise the encrypted
> 'vendorName': ['Sun Microsystems, Inc.']})], 2, [])
would not come out so nicely.

Now, I doubt that's a fully working application. As you've observed, what
you're connecting to (i.e. "ldap.e.c" or "directory.e.c") and the CN in
the cert

> TLS: hostname (ldap.example.com) does not match common name in
> certificate (directory.example.com).

must match. You need to find whatever is referring to ldap.example.com and
get that changed to directory.e.c.

> LDAPError - INSUFFICIENT_ACCESS: {'info': 'Search not permitted for
> that subtree', 'desc': 'Insufficient access'}

also seems suspicious. Either there's an incompatibilty, you're not
searching for the right thing (and/or as the right identity), or the
server ACLs are inappropriate. I'd try and get that worked out once you
get the hostname issues fixed.

I'd consider those the topmost two issues. If you can get those out of the
way, and post some logs showing TLS still being an issue on some
connections (preferably using only OpenLDAP software), it might be
possible to discern what's wrong. But it's hard to debug when three things
are strange at once.