
Re: Bind failing under ssl



I have confirmed that this is an issue with the bind and not with the 
SSL. I used the OpenSSL test client and the entire SSL portion of the 
protocol conversation worked as advertised (there were no self-signed 
certs in the mix either). For some reason, slapd will not bind to the 
rootdn and rootpw (I have not tried to use regular users yet) when 
running under SSL. Is there something I am missing here?
Tom

Thomas Bolioli wrote:

>When I connect to my ldap server using plain ol' 389 everything works 
>just dandy. When I connect to it via ssl, the connection is made, ssl 
>appears to handshake, but the bind fails. Below are the slapd logs. Any 
>ideas with this one? I have added in a valid ca cert and have a valid 
>wildcard cert.
>It seems to be a pretty popular problem around these parts but no one 
>seems to have posted a solution.
>Thanks
>Tom
>
># To allow TLS-enabled connections, create /etc/ssl/openldap/ldap.pem
># and uncomment the following lines.
>TLSRandFile            /dev/random
>TLSCipherSuite         HIGH:MEDIUM:+SSLv2
>TLSCertificateFile      /etc/ssl/openldap/ldap.pem
>TLSCertificateKeyFile   /etc/ssl/openldap/ldap.pem
>TLSCACertificatePath   /etc/ssl/
>TLSCACertificateFile    /etc/ssl/cacert.pem
>#TLSCACertificateFile    /etc/ssl/openldap/ldap.pem
>TLSVerifyClient never # ([never]|allow|try|demand)
>
>Apr 25 16:06:07 nova slapd[3670]: daemon: activity on 1 descriptors
>Apr 25 16:06:07 nova slapd[3670]: daemon: new connection on 12
>Apr 25 16:06:07 nova slapd[3670]: conn=1 fd=12 ACCEPT from IP=209.6.223.56:32985 (IP=0.0.0.0:636)
>Apr 25 16:06:07 nova slapd[3670]: daemon: added 12r
>Apr 25 16:06:07 nova slapd[3670]: daemon: activity on:
>Apr 25 16:06:07 nova slapd[3670]:  
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=6 active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=7 active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=8 active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=9 active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: activity on 1 descriptors
>Apr 25 16:06:07 nova slapd[3670]: daemon: activity on:
>Apr 25 16:06:07 nova slapd[3670]:  12r
>Apr 25 16:06:07 nova slapd[3670]:  
>Apr 25 16:06:07 nova slapd[3670]: daemon: read activity on 12
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=6 active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=7 active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=8 active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=9 active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: activity on 1 descriptors
>Apr 25 16:06:07 nova slapd[3670]: daemon: activity on:
>Apr 25 16:06:07 nova slapd[3670]:  12r
>Apr 25 16:06:07 nova slapd[3670]:  
>Apr 25 16:06:07 nova slapd[3670]: daemon: read activity on 12
>Apr 25 16:06:07 nova slapd[3670]: daemon: removing 12
>Apr 25 16:06:07 nova slapd[3670]: conn=1 fd=12 closed
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=6 active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=7 active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=8 active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=9 active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: activity on 1 descriptors
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=6 active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=7 active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=8 active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=9 active_threads=0 tvp=NULL
>
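A small triage script, added here as an illustration and not part of the thread or of OpenLDAP itself, that reads slapd `conn=` log lines of the kind quoted above and reports, per connection, which listener it arrived on (389 vs 636), whether a "TLS established" line appeared, whether a BIND was ever logged, and the result code of that BIND. This is the check a reader would run over their own log before deciding whether the failure is on the TLS side or on the bind side: a connection that shows ACCEPT and closed with no BIND line between them never delivered a bind PDU to slapd at all. The sample log is constructed: it contains the two `conn=1` lines from the quoted message plus hypothetical `conn=2` and `conn=3` entries (the DN `cn=Manager,dc=example,dc=com` is a placeholder rootdn); `tag=97` is the LDAP bindResponse tag and `err=49` is invalidCredentials.

```python
import re

# Constructed sample: conn=1 is taken from the quoted log (ACCEPT on the
# LDAPS listener, then closed); conn=2 and conn=3 are hypothetical entries
# showing a successful plain bind and a STARTTLS session whose bind failed.
SAMPLE_LOG = """\
Apr 25 16:06:07 nova slapd[3670]: daemon: new connection on 12
Apr 25 16:06:07 nova slapd[3670]: conn=1 fd=12 ACCEPT from IP=209.6.223.56:32985 (IP=0.0.0.0:636)
Apr 25 16:06:07 nova slapd[3670]: daemon: read activity on 12
Apr 25 16:06:07 nova slapd[3670]: conn=1 fd=12 closed
Apr 25 16:06:09 nova slapd[3670]: conn=2 fd=13 ACCEPT from IP=209.6.223.56:32990 (IP=0.0.0.0:389)
Apr 25 16:06:09 nova slapd[3670]: conn=2 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128
Apr 25 16:06:09 nova slapd[3670]: conn=2 op=0 RESULT tag=97 err=0 text=
Apr 25 16:06:09 nova slapd[3670]: conn=2 op=1 UNBIND
Apr 25 16:06:09 nova slapd[3670]: conn=2 fd=13 closed
Apr 25 16:06:12 nova slapd[3670]: conn=3 fd=14 ACCEPT from IP=209.6.223.56:32995 (IP=0.0.0.0:389)
Apr 25 16:06:12 nova slapd[3670]: conn=3 op=0 STARTTLS
Apr 25 16:06:12 nova slapd[3670]: conn=3 op=0 RESULT oid= err=0 text=
Apr 25 16:06:12 nova slapd[3670]: conn=3 fd=14 TLS established tls_ssf=256 ssf=256
Apr 25 16:06:12 nova slapd[3670]: conn=3 op=1 BIND dn="cn=Manager,dc=example,dc=com" method=128
Apr 25 16:06:12 nova slapd[3670]: conn=3 op=1 RESULT tag=97 err=49 text=
Apr 25 16:06:12 nova slapd[3670]: conn=3 fd=14 closed
"""

# conn=<id> [fd=<n>] [op=<n>] <event> <rest>; "daemon:" lines carry no conn= and are skipped.
CONN_RE = re.compile(r"conn=(?P<conn>\d+) (?:fd=\d+ )?(?:op=\d+ )?(?P<event>\S+)(?P<rest>.*)$")
ACCEPT_RE = re.compile(r"from IP=(?P<peer>\S+) \(IP=(?P<listener>\S+)\)")
DN_RE = re.compile(r'dn="(?P<dn>[^"]*)"')
ERR_RE = re.compile(r"err=(?P<err>\d+)")


def summarize(log_text):
    """Fold slapd conn= lines into one dict per connection id."""
    summary = {}
    awaiting_bind_result = set()  # conn ids whose next RESULT belongs to a BIND
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue
        cid = int(m.group("conn"))
        event, rest = m.group("event"), m.group("rest").strip()
        s = summary.setdefault(cid, {"peer": None, "listener": None, "tls": False,
                                     "bind_dn": None, "bind_err": None, "closed": False})
        if event == "ACCEPT":
            a = ACCEPT_RE.search(rest)
            if a:
                s["peer"], s["listener"] = a.group("peer"), a.group("listener")
        elif event == "TLS" and rest.startswith("established"):
            s["tls"] = True
        elif event == "BIND":
            d = DN_RE.search(rest)
            s["bind_dn"] = d.group("dn") if d else ""
            awaiting_bind_result.add(cid)
        elif event == "RESULT" and cid in awaiting_bind_result:
            e = ERR_RE.search(rest)
            s["bind_err"] = int(e.group("err")) if e else None
            awaiting_bind_result.discard(cid)
        elif event == "closed":
            s["closed"] = True
    return summary


def classify(summary):
    """Label each connection so the log can be triaged at a glance."""
    labels = {}
    for cid, s in sorted(summary.items()):
        if s["bind_dn"] is None and s["closed"]:
            labels[cid] = "closed-without-bind"  # no BIND PDU reached slapd
        elif s["bind_err"] == 0:
            labels[cid] = "bind-ok"
        elif s["bind_err"] is not None:
            labels[cid] = "bind-failed-err%d" % s["bind_err"]
        else:
            labels[cid] = "open"
    return labels


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for cid, label in classify(summary).items():
        s = summary[cid]
        print("conn=%d listener=%s tls=%s bind_dn=%r -> %s"
              % (cid, s["listener"], s["tls"], s["bind_dn"], label))
```

Run against a real log, `closed-without-bind` on the 636 listener points at the client side of the TLS session (the bind never reached slapd), while `bind-failed-err49` on a connection that shows `TLS established` points at credentials or the rootdn/rootpw configuration rather than the transport. Because the quoted log was captured at a debug level that prints `daemon:` lines rather than `op=` lines, the script ignores anything without `conn=`; raising the stats log level gives it the BIND and RESULT lines to work with.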