Re: trying to get tls working

Thank you.

/usr/local/libexec/slapd -d 1 -h "ldap:/// ldaps:///"
@(#) $OpenLDAP: slapd 2.X (Mon Aug 27 16:03:39 EDT 2001) $
daemon_init: listen on ldap:///
daemon_init: listen on ldaps:///
daemon_init: 2 listeners to open...
daemon: socket() failed errno=97 (Address family not supported by
daemon: initialized ldap:///
daemon: socket() failed errno=97 (Address family not supported by
daemon: initialized ldaps:///
daemon_init: 2 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
slapd startup: initiated.
slapd starting

And then when I try to connect w/gq I get:

ldap_pvt_gethostbyname_a: host=cderr, r=0
connection_get(16): got connid=0
connection_read(16): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
connection_read(16): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=16 for close
connection_close: conn=0 sd=16

Thank you for any and all suggestions as to what I should change to get
tls successfully working,

> "Chapman, Kyle" wrote:
> try /usr/local/libexec/slapd -d 1 -h "ldaps:/// ldap:///";
> and then connect with gq and see what errors show up with slapd...
> -----Original Message-----
> From: charlie derr [mailto:cderr@simons-rock.edu]
> Sent: Tuesday, August 28, 2001 11:26 AM
> To: openldap-software@OpenLDAP.org
> Subject: trying to get tls working
> Apologies for sending this message to the wrong list the first time.
> I'm a rank newbie at this ldap stuff, so take that into consideration as
> you read my comments.
> I grabbed code from CVS (cvs -z3 checkout -P ldap) and built it using
> --with-tls --with-cyrus-sasl.  Everything seemed to go fine.  However,
> when I start with:
> /usr/local/libexec/slapd -h "ldaps:///"
> I am not able to connect with either gq or the java ldapbrowser (I'd be
> happy to try a different mechanism if someone wants to suggest another
> browser or a command line that I can use to check).  I would think that
> gq or the java ldapbrowser would be sufficient -- I found (and enabled)
> the option in both programs to "use tls".
> When I nmap myself, I can see that port 636 is open.
> If I start using:
> /usr/local/libexec/slapd -h "ldap:/// ldaps:///"
> I can successfully connect to the server on port 389 (without tls), but
> again I have no luck with the tls connection to port 636.
> Has anyone else had success with this?
> I can build without the cyrus-sasl if someone thinks that this will help
> figure out the problem.   Please let me know what else I can do to try
> to figure this out.
>         thanx very much,
>                 ~c
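
The `unknown protocol` error from `SSL23_GET_CLIENT_HELLO` in the slapd trace above is what OpenSSL reports when the first bytes arriving on an SSL listener do not parse as an SSL/TLS ClientHello. The following added example (not part of the original message or of OpenLDAP; the function names and sample bytes are constructed for illustration) labels a connection's opening bytes so that plaintext LDAP or a StartTLS request sent to an `ldaps://` port can be told apart from a real TLS handshake.

```python
# Added example: label the first bytes a client sends to a listener.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended-operation OID

# Constructed sample openings (not captured from the poster's system).
TLS_HELLO = bytes.fromhex("160301002f0100002b0303")      # TLS handshake record
SSL2_HELLO = bytes.fromhex("802e010002")                  # SSLv2-format hello
LDAP_BIND = bytes.fromhex("300c020101600702010304008000")  # anonymous simple bind
LDAP_STARTTLS = bytes.fromhex("301d02010177188016") + STARTTLS_OID


def skip_ber_length(data: bytes, pos: int):
    """Return the index just past the BER length field at pos, or None."""
    if pos >= len(data):
        return None
    first = data[pos]
    if first < 0x80:                      # short form: one length byte
        return pos + 1
    n = first & 0x7F                      # long form: n further length bytes
    if n == 0 or pos + 1 + n > len(data):
        return None
    return pos + 1 + n


def classify_first_bytes(data: bytes) -> str:
    """Say which protocol a connection's opening bytes look like."""
    if len(data) < 3:
        return "too-short"
    # SSLv3/TLS record: content type 0x16 (handshake), version major 0x03.
    if data[0] == 0x16 and data[1] == 0x03:
        return "tls-client-hello"
    # SSLv2-format hello: high bit set in the 2-byte length, message type 1.
    if data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"
    # LDAPMessage: BER SEQUENCE (0x30) whose first element is INTEGER messageID.
    if data[0] == 0x30:
        body = skip_ber_length(data, 1)
        if body is not None and data[body:body + 1] == b"\x02":
            if STARTTLS_OID in data:
                return "plaintext-ldap-starttls"
            return "plaintext-ldap"
    return "unknown"


if __name__ == "__main__":
    for name, sample in [("TLS", TLS_HELLO), ("SSLv2", SSL2_HELLO),
                         ("bind", LDAP_BIND), ("StartTLS", LDAP_STARTTLS)]:
        print(f"{name:9s} -> {classify_first_bytes(sample)}")
```

Feeding it the first bytes read from an accepted socket on port 636 (for example from a packet capture) shows whether the client is opening with TLS or with plaintext LDAP.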