Re: Problem connecting using TLS

Robert Fitzpatrick wrote:
[root /root]# netstat -na
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0* LISTEN
tcp 0 0* LISTEN
[robert@columbus robert]$ ldapsearch -x -Z -b
"dc=hermes,dc=webtent,dc=org" -D
"cn=Manager,dc=hermes,dc=webtent,dc=org" -W "(ObjectClass=*)" -h
ldap_start_tls: Can't contact LDAP server
Enter LDAP Password:
ldap_bind: Can't contact LDAP server

Any ideas why I can't get connected?

1: Does it work if you try to connect on port 389 using TLS (that's what the -Z you're using is for) with a client on the server itself?

2: Do you have the uri or host/port details in ldaprc? Because you aren't giving them on the command line (-H 'ldap://hermes.webtent.org/ ldaps://hermes.webtent.org/')

3: I don't see any subject or issuer in your s_client connect:

Certificate chain
0 s:/C=NL/ST=Zuidholland/O=Billy/OU=Billy/CN=localhost/emailAddress=hostmaster@billy.demon.nl
1 s:/C=NL/ST=Zuidholland/L=Nieuwveen/O=Billy/OU=Billy/CN=localhost/emailAddress=hostmaster@billy.demon.nl

4: When you make the certs, be sure that the CN of the subject (s:) really is the FQDN of the machine in question (check on linux with 'hostname -f')

And those are just for starters ;)

5: You shouldn't need any client cert, provided you haven't told the server to insist on one.


Who's had it all himself, in the beginning.

Tony Earnshaw

Once the camel's head has entered your tent,
it's very difficult to stop the rest of the
animal from following it

Mail: tonye-at-billy.demon.nl
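An added illustration of checks 3 and 4 from the reply above (it is not code from the thread or from OpenLDAP): parse the "Certificate chain" section that `openssl s_client` prints, and compare the leaf certificate's CN with the FQDN the client will use. The chain text embedded below is constructed from the two subject lines quoted in the post, deliberately without the "i:" issuer lines that a normal s_client dump prints after each "s:"; the FQDN `hermes.webtent.org` is assumed from the base DN in the question. Note the caveat: this implements only the CN rule the post states; current TLS clients also match subjectAltName dNSName entries, which the s_client chain summary does not display.

```python
"""Check an `openssl s_client` certificate-chain dump against the FQDN an
LDAP client will connect to (added example, not from the original thread)."""
import re

# Constructed sample: the two subject lines quoted in the thread, with the
# issuer ("i:") lines that s_client normally prints assumed to be missing.
SAMPLE_CHAIN = """\
Certificate chain
 0 s:/C=NL/ST=Zuidholland/O=Billy/OU=Billy/CN=localhost/emailAddress=hostmaster@billy.demon.nl
 1 s:/C=NL/ST=Zuidholland/L=Nieuwveen/O=Billy/OU=Billy/CN=localhost/emailAddress=hostmaster@billy.demon.nl
"""

# Assumed FQDN for the example (what `hostname -f` would print on the server).
ASSUMED_FQDN = "hermes.webtent.org"

# One chain line: "<depth> s:<dn>" for a subject, "<depth> i:<dn>" for an issuer.
_ENTRY = re.compile(r"^\s*(\d+)\s+([si]):(.*)$")


def parse_dn(dn):
    """Turn '/C=NL/ST=Zuidholland/CN=localhost' into a dict of attributes."""
    attrs = {}
    for part in dn.strip().split("/"):
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key] = value
    return attrs


def parse_chain(text):
    """Parse the 'Certificate chain' section of s_client output.

    Returns a list of {"depth": int, "subject": dict|None, "issuer": dict|None},
    one per chain element, ordered by depth (0 is the server's own cert).
    """
    entries = {}
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if not m:
            continue
        depth = int(m.group(1))
        kind = "subject" if m.group(2) == "s" else "issuer"
        entry = entries.setdefault(depth, {"depth": depth, "subject": None, "issuer": None})
        entry[kind] = parse_dn(m.group(3))
    return [entries[d] for d in sorted(entries)]


def check_chain(chain, fqdn):
    """Return human-readable problems; an empty list means the leaf CN matches
    `fqdn` and every chain element carries an issuer line."""
    problems = []
    if not chain:
        return ["no certificates in chain"]
    leaf = chain[0]
    cn = (leaf["subject"] or {}).get("CN")
    if cn is None:
        problems.append("leaf certificate has no CN")
    elif cn.lower() != fqdn.lower():
        problems.append(f"leaf CN {cn!r} does not match FQDN {fqdn!r}")
    for entry in chain:
        if entry["issuer"] is None:
            problems.append(f"chain element {entry['depth']} has no issuer line")
    return problems


if __name__ == "__main__":
    for problem in check_chain(parse_chain(SAMPLE_CHAIN), ASSUMED_FQDN):
        print("problem:", problem)
```

Run against the quoted chain it reports both findings from the reply: the leaf CN is `localhost` rather than the server's FQDN, and no issuer lines are present. To use it on a live server, feed it the output of `openssl s_client -connect host:636` (or `-starttls ldap` against 389 on OpenSSL builds that support it) and the result of `hostname -f`.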