
netscape client, authenticated bind over ssl



Hello...

I am running openldap 2.0.18 with TLS/SSL on Solaris 8.

SSL/TLS seems to be working properly, because I can bind over either SSL
or TLS using the ldapsearch command line client:

  ldapsearch -x -D "myDN" -W -b "myBASE" -LLL -h myHOST -ZZ "myFILTER"
   and
  ldapsearch -x -D "myDN" -W -b "myBASE" -LLL -H ldaps://myHOST/ "myFILTER"

When I try to use Netscape's (4.79) directory client, though, an odd
thing occurs.  I can successfully connect and search:
  -anonymously over 389
  -authenticated over 389
  -anonymously over 636

But, when I try to connect authenticated over 636 I get the error:
  Failed to search '<directory>' due to LDAP error 'Referral hop limit exceeded' (0x61)

The ldap log (debug level 256) shows
Jan 31 09:29:23 <host> slapd[20357]: [ID 293980 local4.debug] daemon: conn=17 fd=9 connection from IP=<clientIP>:2129 (IP=<hostIP>:636) accepted.
Jan 31 09:29:23 <host> slapd[20357]: [ID 149773 local4.debug] conn=17 op=0 BIND dn="" method=128
Jan 31 09:29:23 <host> slapd[20357]: [ID 923667 local4.debug] conn=17 op=0 RESULT tag=97 err=0 text=
Jan 31 09:29:28 <host> slapd[20357]: [ID 720174 local4.debug] conn=17 op=1 UNBIND
Jan 31 09:29:28 <host> slapd[20357]: [ID 979422 local4.debug] conn=-1 fd=9 closed

From the server's point of view it looks like a successful anonymous
bind (in preparation to search on the mail address to get the DN in
order to perform the auth bind...), followed by an UNBIND and no more
communication...

This issue was also raised in October 2000 starting in msg00494
(http://www.openldap.org/lists/openldap-software/200010/msg00494.html)
but I did not see any resolution on the list.  Forgive me if I
overlooked something.

-steve
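
Added example, not part of the original message: a small Python parser that groups slapd stats-level (256) log lines by connection and flags sessions that bound anonymously and then only unbound, which is the pattern in the log above. The `conn=18` lines, the `example.com` DN and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# conn=17 is the excerpt from the post (unwrapped); conn=18 is constructed
# here to show what an authenticated session would look like by contrast.
SAMPLE_LOG = '''
Jan 31 09:29:23 <host> slapd[20357]: [ID 293980 local4.debug] daemon: conn=17 fd=9 connection from IP=<clientIP>:2129 (IP=<hostIP>:636) accepted.
Jan 31 09:29:23 <host> slapd[20357]: [ID 149773 local4.debug] conn=17 op=0 BIND dn="" method=128
Jan 31 09:29:23 <host> slapd[20357]: [ID 923667 local4.debug] conn=17 op=0 RESULT tag=97 err=0 text=
Jan 31 09:29:28 <host> slapd[20357]: [ID 720174 local4.debug] conn=17 op=1 UNBIND
Jan 31 09:29:28 <host> slapd[20357]: [ID 979422 local4.debug] conn=-1 fd=9 closed
Jan 31 09:30:02 <host> slapd[20357]: [ID 000001 local4.debug] daemon: conn=18 fd=9 connection from IP=<clientIP>:2130 (IP=<hostIP>:636) accepted.
Jan 31 09:30:02 <host> slapd[20357]: [ID 000002 local4.debug] conn=18 op=0 BIND dn="uid=steve,dc=example,dc=com" method=128
Jan 31 09:30:02 <host> slapd[20357]: [ID 000003 local4.debug] conn=18 op=0 RESULT tag=97 err=0 text=
Jan 31 09:30:03 <host> slapd[20357]: [ID 000004 local4.debug] conn=18 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(objectClass=*)"
Jan 31 09:30:04 <host> slapd[20357]: [ID 000005 local4.debug] conn=18 op=2 UNBIND
'''

ACCEPT_RE = re.compile(r'conn=(\d+) fd=\d+ connection from \S+ \(IP=[^:]+:(\d+)\) accepted')
OP_RE = re.compile(r'conn=(\d+) op=\d+ (BIND|SRCH|UNBIND|RESULT)\b(.*)')
DN_RE = re.compile(r'dn="([^"]*)"')

def summarize(log_text):
    """Return {conn_id: {"port", "ops", "bind_dn"}} for each connection seen."""
    conns = defaultdict(lambda: {"port": None, "ops": [], "bind_dn": None})
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:  # listener port tells us 389 vs 636
            conns[int(m.group(1))]["port"] = int(m.group(2))
            continue
        m = OP_RE.search(line)
        if not m or m.group(2) == "RESULT":
            continue  # skip non-operation lines and result lines
        entry = conns[int(m.group(1))]
        entry["ops"].append(m.group(2))
        if m.group(2) == "BIND":
            dn = DN_RE.search(m.group(3))
            entry["bind_dn"] = dn.group(1) if dn else None
    return dict(conns)

def anonymous_bind_only(conns):
    """Connections that bound with an empty DN and then did nothing but UNBIND."""
    return sorted(c for c, e in conns.items()
                  if e["bind_dn"] == "" and e["ops"] == ["BIND", "UNBIND"])

if __name__ == "__main__":
    print(anonymous_bind_only(summarize(SAMPLE_LOG)))
```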