
RE: Client reports "Can't Contact LDAP server"

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Tony Earnshaw

> Sun, 2002-08-25 at 15:18, Stephen Torri wrote:
> > On Sat, 2002-08-24 at 23:09, Kurt D. Zeilenga wrote:
> > > You might try enabling some debugging output...
> > > Most likely the problem is TLS certificate related.
> > > And likely unrelated to Kerberos.
> If, as Kurt has pointed out, this is a certificate-related problem
> (which in my own experience mostly similar problems are), then you won't
> yet have enough knowledge to know what the slapd debugging output means.
> The best choice for this is '-d 5', but all you'll see is that there is
> no ldapbind, not why.
> To see exactly what is going on, you can best compile, run and learn
> Ethereal: This is a packet sniffer, with which you can see the exact
> content of each packet exchanged, both with and without encryption.
> Though again, you'd have to know what to expect of the contents of an IP
> packet.

I think the latter is far less likely, particularly for an SSL/TLS exchange.
Use "-d 1" on both the client and the server, and you'll see all the messages
from the OpenSSL library, which should give you enough info to find out what
it's complaining about. Packet sniffing is definitely a last-resort approach,
and even if you're using SSLdump with pre-arranged keys you have to be an SSL
guru to piece together what's going on.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support