
Problem accessing via TLS
I posted this a week or more ago, but had to leave town and was not able to follow up.

Don't know what I'm doing wrong with this one server, wondering if
someone could tell me what I am not thinking of...

I have two clients on the same network trying to connect to an off
network server using TLS. Running the same command on both is successful
on one and not on the other. So, I copied the ldap.conf file AND the
cacert.pem file to the problem client with no help. I tried -ZZ and '-H
ldaps://servername:636/' options; while these work flawlessly from one
client, the second cannot connect using the exact same command with the
exact same CA cert and ldap.conf files. Accessing the ldap server
without TLS works fine on both clients. Clients are FreeBSD 5.4 and
FreeBSD 6.0 servers with openldap 2.2.30 client port packages installed.
If the CA cert and ldap.conf have been tested to work OK, what else
should I be considering when trying to connect via TLS? I get no issues
in the debug.log of the server or client machine.

From client one:
genoa# ldapsearch -xZZ -h directory.webtent.net -b "dc=webtent,dc=net" "(uid=robert)" mail
ldap_start_tls: Connect error (-11)
genoa# ldapsearch -x -H ldaps://directory.webtent.net:636/ -b "dc=webtent,dc=net" "(uid=robert)" mail
ldap_bind: Can't contact LDAP server (-1)
genoa# ldapsearch -x -h directory.webtent.net -b "dc=webtent,dc=net" "(uid=robert)" mail
# extended LDIF
#
# LDAPv3
# base <dc=webtent,dc=net> with scope sub
# filter: (uid=robert)
# requesting: mail
#

# Robert Fitzpatrick, People, webtent.net
dn: cn=Robert Fitzpatrick,ou=People,dc=webtent,dc=net
mail: robert@webtent.com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

From client two:
esmtp# ldapsearch -x -H ldaps://directory.webtent.net:636/ -b "dc=webtent,dc=net" "(uid=robert)" mail
# extended LDIF
#
# LDAPv3
# base <dc=webtent,dc=net> with scope sub
# filter: (uid=robert)
# requesting: mail
#

# Robert Fitzpatrick, People, webtent.net
dn: cn=Robert Fitzpatrick,ou=People,dc=webtent,dc=net
mail: robert@webtent.com

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

-- 
Robert
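The two errors from the failing client, "ldap_start_tls: Connect error (-11)" and "ldap_bind: Can't contact LDAP server (-1)", are both raised before any LDAP operation is attempted, so they do not say whether TCP, the TLS handshake, or certificate verification is what broke. The script below is an added example, not part of the original post and not OpenLDAP tooling; it tries each layer in order and reports the first one that fails. The host, port and CA file path are command-line arguments (the default hostname is a placeholder), and the two `*_port` helpers are constructed fixtures for exercising the script locally, not anything from the post.

```python
"""Stage-by-stage check of an LDAPS (TLS-wrapped LDAP) connection.

Added example, not from the original post or from OpenLDAP.  It reports
the first layer that fails:

  ca_file - the CA bundle given to the client cannot be loaded
  tcp     - no TCP connection to host:port (routing, firewall, DNS)
  tls     - TCP works but the handshake or certificate verification fails
  ok      - TLS established; the peer certificate's subject and expiry
            are reported

Host, port and CA path are parameters; nothing here is specific to the
server in the post.
"""
import socket
import ssl
import sys
import threading
from dataclasses import dataclass
from typing import Optional


@dataclass
class Diagnosis:
    stage: str    # "ca_file", "tcp", "tls" or "ok"
    detail: str


def diagnose_ldaps(host: str, port: int = 636, cafile: Optional[str] = None,
                   timeout: float = 5.0) -> Diagnosis:
    """Return the first failing stage of a TLS connection to host:port."""
    # The default context verifies the chain and the hostname, which is the
    # behaviour the client would have with TLS_REQCERT demand in ldap.conf.
    ctx = ssl.create_default_context()
    if cafile is not None:
        try:
            ctx.load_verify_locations(cafile)
        except (ssl.SSLError, OSError) as exc:
            return Diagnosis("ca_file", f"cannot load {cafile}: {exc}")

    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return Diagnosis("tcp", f"TCP connect to {host}:{port} failed: {exc}")

    try:
        # wrap_socket runs the handshake immediately on a connected socket
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return Diagnosis("ok", f"{tls.version()} to {host}; "
                                   f"subject={cert.get('subject')} "
                                   f"notAfter={cert.get('notAfter')}")
    except ssl.SSLCertVerificationError as exc:
        # unknown CA, expired or not-yet-valid cert, hostname mismatch
        return Diagnosis("tls", f"certificate rejected: {exc.verify_message}")
    except (ssl.SSLError, OSError) as exc:
        # peer closed or reset during the handshake, protocol mismatch
        return Diagnosis("tls", f"handshake failed: {exc}")
    finally:
        raw.close()


def stub_listener_port() -> int:
    """Constructed fixture: a listener on 127.0.0.1 that accepts one
    connection and closes it without speaking TLS.  Returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def _accept_and_close():
        conn, _ = srv.accept()
        conn.close()
        srv.close()

    threading.Thread(target=_accept_and_close, daemon=True).start()
    return port


def unused_port() -> int:
    """Constructed fixture: a local port with nothing listening on it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # placeholder hostname; pass the real one on the command line
    host = sys.argv[1] if len(sys.argv) > 1 else "ldap.example.invalid"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 636
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    d = diagnose_ldaps(host, port, cafile)
    print(f"{d.stage}: {d.detail}")
```

Run it on the client that fails, pointing it at the same cacert.pem that ldap.conf references. A "tcp" result means the problem is below TLS (routing or filtering between that client and the server), a "tls ... certificate rejected" result means the chain or the name does not verify on that client (the CA file it actually loads, or its system clock, since validity dates are checked against local time), and "ok" means the transport is fine and the remaining difference is in the ldapsearch configuration itself.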