
ldaps: not working, RH7.2,OpenLDAP 2.0.21

I've compiled my own OpenLDAP 2.0.21 on RedHat 7.2 with the RPM version of
OpenSSL-0.9.6b-8.  I can connect to LDAP just fine using the Start_TLS
method (i.e. with -ZZ on the command line of ldapsearch, connecting to port
389), but I cannot connect to ldaps: (port 636) at all - it simply
says "Can't contact LDAP server" and nothing shows up in the logs.
Telnetting to port 636 shows that there is simply
no service running there - the connection is refused.

The only error I get when slapd starts up is "socket() failed errno=97
(Address family not supported by protocol)".  For a while I thought
that was the problem, but I found in the FAQ that that error is just
from not having IPv6 in my kernel and it shouldn't be related.

I don't have a firewall running AFAIK (unless it's something funky that
RedHat does) - no ipchains anywhere, and I compiled my own
kernel without netfilter.

The reason I need ldaps:// instead of just Start_TLS is that I need to use
LDAP with PHP4, which as far as I can tell only supports the ldaps:// method.
If anyone knows of a way to make PHP do Start_TLS then I can be satisfied
without ldaps://.

If it matters, here was my configure line for OpenLDAP:

./configure --prefix=/usr/local --enable-syslog --enable-cache \
--with-cyrus-sasl --with-tls --enable-wrappers --with-ldbm

I don't think TCP wrappers should be causing any problem, because connects
work fine on port 389.  I've also tried both starting slapd without the -h
option, and starting it with "-h ldap:/// ldaps:///".

Anyone have any ideas why slapd isn't accepting connections on port 636?
TIA for any help...