[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS/SSL Working (Somewhat)

--On Thursday, June 19, 2003 12:41 PM -0500 Jason L W Lynn <jlwlynn@uab.edu> wrote:

I have TLS/SSL working locally on my machine.  After starting the
server, if I perform an ldapsearch from machine1.example.com:

ldapsearch -U jdoe@machine1.example.com -Y digest-md5 -H
ldaps://machine1.example.com -b 'dc=machine1.example,dc=com'

everything works just fine.  But, If I ssh to machine2.example.com and
perform the same search:

ldapsearch -U jdoe@machine1.example.com -Y digest-md5 -H
ldaps://machine1.example.com -b 'dc=machine1.example,dc=com'

it fails.  I am getting the following output from the client:

ldap_sasl_interactive_bind_s: Can't contact LDAP server (81)

and the following output (excerpt) from the server:

TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=0
TLS: can't accept.
connection_read(13): TLS accept error error=-1 id=0, closing


You'll need to point ldapsearch at a valid server-certs.pem file.

I use my .ldaprc file to do this:

tribes:~> cat .ldaprc
BASE dc=stanford,dc=edu
HOST ldap.stanford.edu
TLS_CACERT /usr/pubsw/etc/openssl/server-certs.pem

-- Quanah Gibson-Mount Senior Systems Administrator ITSS/TSS/Computing Systems Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html