
Problem connecting using TLS

I have tried so many examples, the OpenLDAP FAQ, my OpenLDAP book, an
article from the Linux Journal. Nothing has helped me get TLS to work on
my OpenLDAP 2.1.23 server. I hope someone can shed some light on what I
may be doing wrong. I understand that you do not have to use the
'--with-tls' option, it is auto, when compiling openldap-2.1.23 and it
was not done. If this is my problem, stop there and let me know.

I create the cert and key per the OpenLDAP FAQ, set up ownership to the
ldap user on these files and make them 600 for the key and 644 for the
cert and cacert. Here is the slapd.conf configuration in the global

TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateFile /etc/openldap/servercrt.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem

Server starts fine and my netstat shows the following:

[root /root]# netstat -na
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address        
tcp        0      0*              
tcp        0      0 *              

I copy the cacert.pem to my RedHat Linux 9 workstation and verify it as

openssl s_client -connect hermes.webtent.org:636 -CAfile
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1066655627
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

I put 'tls_cert /home/robert/cacert.pem' in my home directory in
.ldaprc. Trying to connect from the workstation produces the following:

[robert@columbus robert]$ ldapsearch -x -Z -b
"dc=hermes,dc=webtent,dc=org" -D
"cn=Manager,dc=hermes,dc=webtent,dc=org" -W "(ObjectClass=*)" -h
ldap_start_tls: Can't contact LDAP server
Enter LDAP Password:
ldap_bind: Can't contact LDAP server

Any ideas why I can't get connected?
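For anyone debugging a client setup like the one in this post, here is an added example (not code from the post or from the OpenLDAP project) that lints an ldap.conf/.ldaprc fragment for the client-side TLS options described in ldap.conf(5): the CA bundle belongs in TLS_CACERT, while TLS_CERT/TLS_KEY name a client certificate and key. The config text, file paths and file modes below are constructed for the example.

```python
import stat

# Constructed sample: mirrors the .ldaprc line quoted in the post above,
# which points tls_cert (the client certificate option) at a CA file.
SAMPLE_LDAPRC = """\
# client settings
tls_cert /home/robert/cacert.pem
TLS_REQCERT allow
"""

# Constructed permission bits for the paths the sample names.
SAMPLE_MODES = {
    "/home/robert/cacert.pem": 0o644,
}

def parse_ldap_conf(text):
    """Parse ldap.conf(5)-style 'OPTION value' lines; option names are case-insensitive."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            opts[parts[0].upper()] = parts[1].strip()
    return opts

def lint_client_tls(opts, modes):
    """Return a list of findings about the client TLS options and key file modes."""
    findings = []
    if "TLS_CACERT" not in opts and "TLS_CACERTDIR" not in opts:
        findings.append("no TLS_CACERT/TLS_CACERTDIR: the client cannot verify the server certificate")
    cert = opts.get("TLS_CERT")
    if cert:
        if "TLS_KEY" not in opts:
            findings.append("TLS_CERT set without TLS_KEY: TLS_CERT is the client certificate, not the CA file")
        # Filename heuristic only: a path containing 'cacert' is probably a CA bundle.
        if "cacert" in cert.lower():
            findings.append(f"TLS_CERT points at {cert}, which looks like a CA bundle; use TLS_CACERT for that")
    key = opts.get("TLS_KEY")
    if key and modes.get(key, 0) & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"TLS_KEY {key} is readable by group/others; a private key should be mode 600")
    reqcert = opts.get("TLS_REQCERT", "demand").lower()
    if reqcert in ("never", "allow"):
        findings.append(f"TLS_REQCERT {reqcert}: certificate verification failures are ignored")
    return findings

if __name__ == "__main__":
    for finding in lint_client_tls(parse_ldap_conf(SAMPLE_LDAPRC), SAMPLE_MODES):
        print("-", finding)
```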