
Re: win2k, outlook express, stunnel problem



 
I seem to have solved my own problem.
Outlook Express on win2k will not trust self-generated test certs,
so you need to install them (do a "https://<ldap.server>:636" with IE),
or buy and use one of those certs issued by the standard trusted CA.
 
Thanks for the time....
taipang
 
----- Original Message -----
Sent: Monday, November 13, 2000 5:11 PM
Subject: win2k, outlook express, stunnel problem

Hi,
 
I have a problem which I have not been able to find in any mailing list before.
I set up my openldap 2.0.6 on FreeBSD with stunnel-3.8.4.
Access to ldap is authenticated using {UNIX}uid and the /etc/passwd file.
 
The problem occurs when we try to connect to the ldap
using outlook express on win2k. SSL (port 636) option is checked.
The error msg is "The specified directory service could not be reached".
Doing exactly the same thing on win98 with the exact config
returns the proper data.
 
However, if we run a stunnel client on the win2k client machine (-d localhost -r ldap-server:636)
we will be able to connect/bind/retrieve the data.
 
Any help/suggestions appreciated.
thanks.
 
 
stunnel is started by:
/usr/local/sbin/stunnel -P /var/run/ -p /usr/certs/ldap.pem -d ldaps -r localhost:ldap
below is the dump using slapd -d 256
 
under win98, outlook express 5.5               
 
daemon: conn=0 fd=9 connection from IP=127.0.0.1:1027 (IP=:: 389) accepted.
conn=0 op=0 BIND dn="CN=TAIPANG,DC=I-DNS,DC=NET" method=128
ber_flush: 14 bytes to sd 9
conn=0 op=0 RESULT tag=97 err=0 text=
conn=0 op=1 SRCH base="dc=i-dns,dc=net" scope=2 filter="(|(mail=taipang*)(|(cn=taipang*)(|(sn=taipang*)(givenName=taipang*))))"
ber_flush: 116 bytes to sd 9
ber_flush: 14 bytes to sd 9
conn=0 op=1 SEARCH RESULT tag=101 err=0 text=
conn=0 op=2 UNBIND
conn=-1 fd=9 closed
 
under win2k, outlook express 5.5
 
daemon: conn=0 fd=9 connection from IP=127.0.0.1:1029 (IP=:: 389) accepted.
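 
Added example, not part of the original message: a small triage script for slapd -d 256 output that lists connections slapd accepted but that never sent an LDAP request, which is the pattern in the win2k trace above and points at the TLS layer (stunnel and the client's trust of the certificate) rather than at slapd. The sample log is constructed from the format shown in the post, with connection ids renumbered, and the function names are hypothetical.

```python
import re

# Constructed sample in the slapd -d 256 format quoted above. The conn ids are
# renumbered so both sessions fit in one log; this is not the poster's output.
SAMPLE_LOG = """\
daemon: conn=0 fd=9 connection from IP=127.0.0.1:1027 (IP=:: 389) accepted.
conn=0 op=0 BIND dn="CN=TAIPANG,DC=I-DNS,DC=NET" method=128
conn=0 op=0 RESULT tag=97 err=0 text=
conn=0 op=1 SRCH base="dc=i-dns,dc=net" scope=2 filter="(cn=taipang*)"
conn=0 op=1 SEARCH RESULT tag=101 err=0 text=
conn=0 op=2 UNBIND
conn=-1 fd=9 closed
daemon: conn=1 fd=9 connection from IP=127.0.0.1:1029 (IP=:: 389) accepted.
"""

ACCEPT_RE = re.compile(
    r"^daemon: conn=(\d+) fd=\d+ connection from IP=(\S+) .*accepted\.$")
# Request lines only; RESULT lines are slapd's replies, not client activity.
OP_RE = re.compile(r"^conn=(\d+) op=\d+ (BIND|SRCH|UNBIND)\b")


def summarize(log_text):
    """Map each accepted conn id to its peer and the LDAP requests it sent."""
    conns = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        accepted = ACCEPT_RE.match(line)
        if accepted:
            conns[int(accepted.group(1))] = {"peer": accepted.group(2), "ops": []}
            continue
        request = OP_RE.match(line)
        if request and int(request.group(1)) in conns:
            conns[int(request.group(1))]["ops"].append(request.group(2))
    return conns


def silent_connections(log_text):
    """Conn ids that were accepted but never issued BIND, SRCH or UNBIND."""
    return sorted(cid for cid, c in summarize(log_text).items() if not c["ops"])


if __name__ == "__main__":
    for cid in silent_connections(SAMPLE_LOG):
        print(f"conn={cid}: accepted, no LDAP request; check stunnel and "
              "whether the client trusts the server certificate")
```

With stunnel in front of slapd, the peer slapd records is stunnel's loopback address, not the real client, so the slapd log alone cannot tell which client failed.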
 
