
Re: OpenLDAP with tsl/ssl (repost - smtp problem)



Hi,

Susanne Benkert wrote:

>Hi,
>
>thanks for your mail.
>
>I created a new certificate with the full FQDN (hostname.testfirma.de) -
>but nothing really changed.
>
You mean when using ldapsearch locally?
As Kyle said, 'which ldapsearch'?

>I ldapsearch with just one '-Z' (not '-ZZ') like :
>
>ldapsearch -H ldaps://bjork.admin.kapt.com  -b "dc=kaptech,dc=com" -D
>"cn=manager,dc=kaptech,dc=com" -w password
>or
>ldapsearch -H ldap://bjork.admin.kapt.com  -b "dc=kaptech,dc=com" -D
>"cn=manager,dc=kaptech,dc=com" -w password -Z
>
>
>This seems to be my problem: I can't use the options -H or -Z from
>remote host. This always causes an error "Invalid option -H". (From local
>host everything is running fine.) My PHP seems to have a problem with
>using the URI instead of the hostname too. Even when I use "ldap_connect
>("ldap://FQDN")" the script can't connect to the LDAP server. But it's PHP
>4.0.6, so it should be able to handle URIs.
>
I think so... never had time to try php and ldaps yet :)


Do you have a local firewall on the host? Try to telnet to port 636 first (not from the local host), and see the logs on the LDAP host. You can also snoop or tcpflow port 636 and 389...

Be sure to use a good LDAP tool suite (latest OpenLDAP... :)

Cheers,

Prune