
Re: TLS/SSL Working (Somewhat)

--On Thursday, June 19, 2003 12:41 PM -0500 Jason L W Lynn <jlwlynn@uab.edu> wrote:

I have TLS/SSL working locally on my machine.  After starting the
server, if I perform an ldapsearch from machine1.example.com:

ldapsearch -U jdoe@machine1.example.com -Y digest-md5 -H
ldaps://machine1.example.com -b 'dc=machine1.example,dc=com'
'(objectClass=*)'

everything works just fine.  But, if I ssh to machine2.example.com and
perform the same search:

ldapsearch -U jdoe@machine1.example.com -Y digest-md5 -H
ldaps://machine1.example.com -b 'dc=machine1.example,dc=com'
'(objectClass=*)'

it fails.  I am getting the following output from the client:

ldap_sasl_interactive_bind_s: Can't contact LDAP server (81)

and the following output (excerpt) from the server:

TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=0
TLS: can't accept.
connection_read(13): TLS accept error error=-1 id=0, closing

Jason,

You'll need to point ldapsearch at a valid server-certs.pem file.

I use my .ldaprc file to do this:

tribes:~> cat .ldaprc
BASE dc=stanford,dc=edu
HOST ldap.stanford.edu
TLS_CACERT /usr/pubsw/etc/openssl/server-certs.pem


-- 
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
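The fix in this reply, worked through as an added example that is not part of the thread or of OpenLDAP: it builds a throw-away CA standing in for server-certs.pem, signs a certificate for the LDAP host with it, and shows that the chain verifies only when the client is given that CA file, which is what TLS_CACERT supplies to ldapsearch. It assumes an openssl binary and a writable TMPDIR; the CN values, file names and the .ldaprc contents are constructed for the demo.

```shell
# Added demo (not from the thread): a throw-away CA standing in for
# server-certs.pem, a server certificate signed by it, and the chain check
# that TLS_CACERT enables. Assumes an openssl binary and a writable TMPDIR;
# the CN values and file names are constructed for the demo.
set -eu
WORK="${TMPDIR:-/tmp}/ldaptls-demo.$$"

make_test_pki() {
  mkdir -p "$WORK"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Test CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  # Key and CSR for the LDAP host, then sign the CSR with the CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=machine1.example.com" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$WORK/server.csr" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/server.pem" 2>/dev/null
}

# Exit 0 when server.pem chains to the CA file in $1: machine1's state,
# where libldap has a TLS_CACERT to verify the server certificate against.
verify_with_cacert() {
  openssl verify -CAfile "$1" "$WORK/server.pem" >/dev/null 2>&1
}

# Exit non-zero: only the default trust store is consulted and it does not
# know this CA, so the client aborts the handshake (machine2's state).
verify_without_cacert() {
  openssl verify "$WORK/server.pem" >/dev/null 2>&1
}

# The client-side file from the reply, with TLS_CACERT pointing at the CA
# (URI supersedes the deprecated HOST keyword in ldap.conf(5)).
write_ldaprc() {
  cat > "$WORK/ldaprc" <<EOF
BASE dc=machine1.example,dc=com
URI ldaps://machine1.example.com
TLS_CACERT $WORK/ca.pem
EOF
}

# First TLS_CACERT value in an ldaprc-style file.
ldaprc_cacert() {
  awk '$1 == "TLS_CACERT" { print $2; exit }' "$1"
}
make_test_pki
write_ldaprc
verify_with_cacert "$(ldaprc_cacert "$WORK/ldaprc")" && echo "with TLS_CACERT: chain OK"
verify_without_cacert || echo "without TLS_CACERT: chain fails, handshake aborts"
```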