
Re: openldap SSL/TLS problem



You are correct. My mistake - my apologies.

LDAPSEARCH -d9 -H 'ldaps...' clearly shows SSL handshake processing
as well as successful search results.


On 30 Aug, Nels Lindquist wrote:
> On 30 Aug 2001 at 14:35, jimd@siu.edu wrote:
> 
>> LDAPSEARCH doesn't support LDAPS but does support TLS via the '-Z'
>> parameter.
> 
> I beg to differ.  I'm able to perform the same search using either
> "ldapsearch -h hostname -Z [filter]" or "ldapsearch -H
> "ldaps://hostname [filter]".
>
> ----
> Nels Lindquist <*>
> Information Systems Manager
> Morningstar Air Express Inc.
> 


ldapsearch -d9 -H 'ldaps://<remote host>:637' -D "" -b <baseDN>
 cn=jimd drink

ldap_create
ldap_url_parse(ldaps://<remote host>:637)
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying <remote host>:637
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1,
 subject: /C=US/ST=.../L=.../O=.../
   OU=<remote host> - Certificate Authority/
   CN=<remote host>/Email=<mailbox>,
 issuer: /C=US/ST=.../L=.../O=.../
   OU=<remote host> - Certificate Authority/
   CN=<remote host>/Email=<mailbox>
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_delayed_open successful, ld_host is (null)
ldap_send_server_request
ber_flush: 31 bytes to sd 3
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: <remote host>  port: 637  (default)
  refcnt: 2  status: Connected
  last used: Fri Aug 31 05:39:03 2001

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid 1, all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ldap_read: message type bind msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_search_ext
put_filter "cn=jimd"
put_filter: default
put_simple_filter "cn=jimd"
ldap_send_initial_request
ldap_send_server_request
ber_flush: 56 bytes to sd 3
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: <remote host>  port: 637  (default)
  refcnt: 2  status: Connected
  last used: Fri Aug 31 05:39:04 2001

** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid -1, all 0
ber_get_next
ber_get_next: tag 0x30 len 98 contents:
ldap_read: message type search-entry msgid 2, original id 2
ldap_get_dn
ber_scanf fmt ({a) ber:
ldap_dn2ufn
ber_scanf fmt ({xx) ber:
ldap_first_attribute
ber_scanf fmt ({xl{) ber:
ber_scanf fmt ({ax}) ber:
ldap_get_values_len
ber_scanf fmt ({x{{a) ber:
ber_scanf fmt ([V]) ber:
ldap_next_attribute
ldap_msgfree
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: <remote host>  port: 637  (default)
  refcnt: 2  status: Connected
  last used: Fri Aug 31 05:39:04 2001

** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid -1, all 0
ber_get_next
ber_get_next: tag 0x30 len 49 contents:
ldap_read: message type search-reference msgid 2, original id 2
ber_scanf fmt ({v) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_result msgid -1
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid -1
wait4msg continue, msgid -1, all 0
** Connections:
* host: <remote host>  port: 637  (default)
  refcnt: 2  status: Connected
  last used: Fri Aug 31 05:39:04 2001

** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=-1, all=0
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid -1, all 0
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ldap_read: message type search-result msgid 2, original id 2
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 2
request 2 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_err2string
ldap_unbind
ldap_free_connection
ldap_send_unbind
ber_flush: 7 bytes to sd 3
ldap_free_connection: actually freed
TLS trace: SSL3 alert write:warning:close notify
version: 2

#
# filter: cn=jimd
# requesting: drink 
#

# Jim Dutton,<other stuff>,<baseDN>
dn: cn=Jim Dutton,<other stuff>,<baseDN>
drink: Dad's Root Beer

# search reference
ref: ldap://<another remote host>:389/l=Our%20City

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 1
# numReferences: 1
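
Added example, not part of the original post and not OpenLDAP code: a Python check that reads an "ldapsearch -d9" trace in the line format shown above and confirms that no ber_flush write occurred before the TLS handshake finished, which is what an ldaps:// session should look like. Both sample traces and the host name ldap.example.test are constructed, and treating "read finished A" as the end of the handshake is an assumption taken from the trace above.

```python
import re

# Constructed samples, modelled on the line formats in the trace above.
SAMPLE_LDAPS = """\
ldap_connect_to_host: Trying ldap.example.test:636
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 read finished A
ldap_send_server_request
ber_flush: 31 bytes to sd 3
ber_flush: 56 bytes to sd 3
TLS trace: SSL3 alert write:warning:close notify
"""

SAMPLE_PLAIN = """\
ldap_connect_to_host: Trying ldap.example.test:389
ldap_send_server_request
ber_flush: 31 bytes to sd 3
"""

# Assumption: the handshake is complete once the client has read the
# server's Finished message, as in the trace above.
HANDSHAKE_DONE = re.compile(r"^TLS trace: SSL_connect:\S+ read finished A\s*$")
# ber_flush marks an encoded LDAP PDU (bind, search, unbind) being written.
BER_FLUSH = re.compile(r"^ber_flush: (\d+) bytes to sd \d+")


def audit_trace(trace):
    """Classify each ber_flush as sent before or after the TLS handshake."""
    done_at = None            # 1-based line number where the handshake ended
    before, after = [], []    # (line number, byte count) per ber_flush
    for n, line in enumerate(trace.splitlines(), 1):
        if done_at is None and HANDSHAKE_DONE.match(line):
            done_at = n
            continue
        m = BER_FLUSH.match(line)
        if m:
            bucket = after if done_at is not None else before
            bucket.append((n, int(m.group(1))))
    return {
        "handshake_done_line": done_at,
        "cleartext_flushes": before,
        "protected_flushes": after,
        # Pass only if a handshake completed and nothing was written before it.
        "ok": done_at is not None and not before,
    }
```

A StartTLS ("-Z") session legitimately sends one request before the handshake, so this check applies to ldaps:// traces only.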