Re: LDAP - Re: Outlook/Outlook Express & ldaps://



Here are my TLS settings.

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
TLSCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
TLSCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle.crt
TLSVerifyClient 0

One thing also that I would like to mention is that Björn Fernhomberg
suggested the following:

>Are you using a self-signed certificate on the server?
>If your certificate isn't signed by a M$ known CA, Outlook (Express)
>will not connect.
>To make this work you have to import your Certificate using Internet
>Explorer.
>
>To do this, enter "https://your.server:636" as URL and import the cert.
>Having done this, Outlook should connect using ldaps.

Since I have a self-signed certificate I tried this and it worked...
except it worked only for Outlook Express.  Outlook XP still fails
to connect to the LDAP address book with the same error.  Any help would
be much appreciated.

Thanks
Amith

On Thu, 2002-04-25 at 20:46, x509security.com wrote:
> Are you attempting to use client authentication?
> 
> Send me your TLS settings in slapd.conf
> 
> Oliver
> 
> 
> ----- Original Message -----
> From: "Amith Varghese" <amith@xalan.com>
> To: "Oliver Bode" <oliver@x509security.com>
> Cc: <openldap-software@OpenLDAP.org>
> Sent: Friday, April 26, 2002 1:03 AM
> Subject: LDAP - Re: Outlook/Outlook Express & ldaps://
> 
> 
> > Just to give you some more info, I'm running $OpenLDAP: slapd
> > 2.0.23-Release.
> >
> > As I mentioned before when I use Outlook to connect to my address book
> > on port 389 I have no problems.  But when I check the SSL box (and make
> > sure the port is 636) I get the following error from Outlook
> >
> > Can't Contact LDAP Directory Server (81)
> >
> > I ran slapd in debug mode and I get the following error messages
> >
> > TLS trace: SSL_accept:SSLv3 flush data
> > tls_read: want=5 error=Resource temporarily unavailable
> > TLS trace: SSL_accept:error in SSLv3 read client certificate A
> > TLS trace: SSL_accept:error in SSLv3 read client certificate A
> > daemon: select: listen=6 active_threads=0 tvp=NULL
> > daemon: select: listen=7 active_threads=0 tvp=NULL
> > daemon: activity on 1 descriptors
> > daemon: activity on: 10r
> > daemon: read activity on 10
> > connection_get(10)
> > connection_get(10): got connid=4
> > connection_read(10): checking for input on id=4
> > tls_read: want=5, got=0
> >
> > TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> > TLS: can't accept.
> > connection_read(10): TLS accept error error=-1 id=4, closing
> > connection_closing: readying conn=4 sd=10 for close
> > connection_close: conn=4 sd=10
> > daemon: removing 10
> >
> > I'm running OpenLDAP with the following command
> >
> > /usr/local/libexec/slapd -h "ldap:/// ldaps:///"
> >
> > Any ideas about why this is happening?
> >
> > Thanks
> > Amith
> >
> >
> > On Wed, 2002-04-24 at 22:59, Oliver Bode wrote:
> > > Hello,
> > >
> > > I can connect no problems using Outlook Express Address book via ldaps://
> > >
> > > What are the errors - have you got the right port for ldaps?
> > >
> > > Oliver
> > >
> > > ----- Original Message -----
> > > From: "Amith Varghese" <amith@xalan.com>
> > > To: <openldap-software@OpenLDAP.org>
> > > Sent: Thursday, April 25, 2002 2:28 PM
> > > Subject: LDAP - Outlook/Outlook Express & ldaps://
> > >
> > >
> > > > Has anyone successfully used Outlook/Outlook Express to connect to an
> > > > LDAP addressbook using SSL?  I can connect fine without using SSL, but
> > > > once I check the SSL box I get errors on the client side.  If anyone has
> > > > had any success with this I would appreciate hearing from you.
> > > >
> > > > Thanks
> > > > Amith
> > > >
> > > >
> > > >
> > >
> >
> >
>
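
An added example, not part of the original thread: a small triage script for slapd debug output of the kind quoted above. It reports, for each failed TLS accept, the handshake state OpenSSL stopped in and whether the client closed the socket (`got=0`), which matches a client rejecting an untrusted server certificate. The function name `triage`, the `hint` wording and the sample (built from the lines quoted in this thread) are assumptions made for the example.

```python
import re

# Constructed sample: slapd debug lines in the format quoted in this thread.
SAMPLE = """\
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(10): got connid=4
tls_read: want=5, got=0
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.
connection_read(10): TLS accept error error=-1 id=4, closing
"""

STATE = re.compile(r"TLS trace: SSL_accept:(?:error|failed) in (.+)$")
READ = re.compile(r"tls_read: want=\d+,? (?:got=(\d+)|error=.+)$")
ACCEPT_ERR = re.compile(r"connection_read\((\d+)\): TLS accept error error=(-?\d+) id=(\d+)")


def triage(log_text):
    """Return one finding per failed TLS accept in slapd debug output.

    Assumes a connection's lines are contiguous (single client, as in the thread).
    """
    findings, state, peer_closed = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip().lstrip("> ").strip()  # tolerate mail quoting
        if m := READ.search(line):
            if m.group(1) is not None:
                # got=0 is end-of-file: the peer closed the socket.
                peer_closed = int(m.group(1)) == 0
        elif m := STATE.search(line):
            state = m.group(1)  # handshake state OpenSSL was in when it stopped
        elif m := ACCEPT_ERR.search(line):
            findings.append({
                "sd": int(m.group(1)),
                "conn_id": int(m.group(3)),
                "state": state,
                "peer_closed": peer_closed,
                "hint": ("client hung up mid-handshake; check that it trusts "
                         "the server certificate") if peer_closed else
                        "handshake failed with the client still connected",
            })
            state, peer_closed = None, False
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```

The state name "read client certificate A" is only where the server was waiting for the client's next handshake message; it appears here even with `TLSVerifyClient 0`.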