[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldap-ssl trouble .....

Hello everybody !

Here is my compilation :

#> CPPFLAGS=-I/usr/local/openssl-0.9.6/include
#> export CPPFLAGS
#> LDFLAGS=-L/usr/local/openssl-0.9.6/lib-dir
#> export LDFLAGS
#> configure --prefix =/usr/local/Ldap-srv --with-tls
#> make depend / make / make install

First working with standard ldap://
I 've created the database and import it in ldif format....
Some search request... everything's fine !!! :o)

Then decide to turn server to ldap-ssl
I create the key

#>  openssl req -nodes -new -x509 -keyout MyCAkey.pem -out MyCAcert.pem

And I add the lines in slapd.conf

TLSCertificateFile      /usr/local/LDAP-SRV/key/MyCAcert.pem
TLSCertificateKeyFile   /usr/local/LDAP-SRV/key/MyCAkey.pem

#>./slapd -d 1 -h "ldap://neon.sunflo.fr ldaps://neon.sunflo.fr"

The server start correctly :

@(#) $OpenLDAP: slapd 2.0.21-Release (mer fév  6 10:13:12 CET 2002) $
daemon_init: listen on ldap://neon.sunflo.fr
daemon_init: listen on ldaps://neon.sunflo.fr
daemon_init: 2 listeners to open...
daemon: initialized ldap://neon.sunflo.fr
daemon: initialized ldaps://neon.sunflo.fr
daemon_init: 2 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
slapd startup: initiated.
slapd starting

And with netstat command i see that the 636 and 389 port are effectively

When i try a search in the non-secure server everything is OK !

BUT when i try a search on the secure server
( ldap.conf : HOST : neon.sunflo.fr:636 )

#> ldapsearch -x -Z -b o=societe.fr sn=Wayne

the client respond it can't contact the server and i get this trace errors :

ldap_pvt_gethostbyname_a: host=neon, r=0
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
connection_read(9): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=9 for close
connection_close: conn=0 sd=9

Note : The result is the same when I contact it from a php page...
( php compiled with ldap3.3 and openssl )

I take a quick look to the file s23_srvr.c on line 557....I'm not really
in C but it seems that he's not able to determine the version of TLS or SSL
or something of that stuff...

Has anybody any idea of what i should do to fix the problem ????
Thanks a lot !