Re: OpenLDAP starts, but...
On Tuesday, March 15 2005 22:13, Kurt D. Zeilenga wrote:
> I don't believe Pupeno has expressed this publicly yet.
> As far as I can tell, he's using s_client against slapd.
> Where's the evidence (or his statement) that s_client is
> working against s_server (on the systems he's having
> problems with)? If he's gotten s_client to work with
> s_server, and verify to report no errors... then he should
> say so.
I'm sorry, I've had some chat sessions with Quanah and I might have thought
I'd posted something that I hadn't.
> And if s_client/s_server are working, what about ldapsearch(1)
> to s_server?
I haven't tried it. Let's see.
I start the server:
# openssl s_server -accept 1234 -cert /etc/ssl/certificate.pem -key /etc/ssl/privatekey.pem
Using default temp DH parameters
I run ldapsearch:
# ldapsearch -x -H ldaps://master.pupeno.com:1234
the server says:
-----BEGIN SSL SESSION PARAMETERS-----
-----END SSL SESSION PARAMETERS-----
CIPHER is DHE-DSS-AES256-SHA
and that's all. Do you see anything wrong here?
Just for the record:
s_client -> s_server [works]
any browser -> apache [works]
s_client -> slapd [doesn't work]
ldapsearch -> slapd [doesn't work]
> >The OpenSSL verify command with the trusted CA from cacert.org works.
> Looks to me (from his OpenSSL post) that a verify command is
> returning errors.
I believe the errors are because there's no certification for cacert.pem,
well, after all, it's a root certificate, the chain starts somewhere. Or do
you know how to solve those errors? If I run the command this way:
# openssl verify -CAfile /etc/ssl/certs/cacert.pem -purpose sslserver
I don't get any error.
> >However, using the openssl client to request the cert from his OpenLDAP
> > server does not return a cert. Testing the same thing against my ldap
> > servers returned a cert.
> Well, if ldapsearch(1) works to s_server on his system, and
> works against your server, I'd guess his server runtime
> environment hosed. File permissions or something.
I had file permission problems with the key and the certificate before;
in that case, slapd doesn't even start.
Pupeno: email@example.com - http://pupeno.com
Reading Science Fiction ? http://sfreaders.com.ar