
Re: Can't use SSL session



At 06:41 PM 10/5/2006, Hai Zaar wrote:
> On 10/6/06, Dan O'Reilly <dano@process.com> wrote:
>> Using ldapsearch on a VMS system to attempt to do a directory lookup using
>> SSL to a non-OpenLDAP directory on another system.  I verified the root CA
>> certificate is correct using:
>>
>> Any ideas? I've been pulling my hair out over this for a couple weeks now.
>> If I do this same search using port 389 and no SSL it works correctly.
>
> What does slapd log show regarding this connection?
>
> Did you try SSL on port 389 (i.e. StartTLS) - you can imply it by
> specifying "-ZZZ" and "-p 389"

$ ldapsearch "-ZZZ" -p 389 -d 255 -s base -x -w xxxxxxxx -v "-D" "cn=Administrator,CN=Users,dc=altdomain2000,dc=psccos,dc=com" -b"cn=Users,dc=altdomain2000,dc=psccos,dc=com" -h adtest.altdomain2000.psccos.com "(&(objectclass=user)(sAMAccountName=oreilly))"
ldap_initialize( ldap://adtest.altdomain2000.psccos.com:389 )
ldap_create
ldap_url_parse_ext(ldap://adtest.altdomain2000.psccos.com:389)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP adtest.altdomain2000.psccos.com:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.0.27:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0x0043ba98 ptr=0x0043ba98 end=0x0043bab7 len=31
0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ber_scanf fmt ({) ber:
ber_dump: buf=0x0043ba98 ptr=0x0043ba9d end=0x0043bab7 len=26
0000: 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e w...1.3.6.1.4.1.
0010: 31 34 36 36 2e 32 30 30 33 37 1466.20037
ber_flush: 31 bytes to sd 3
0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ldap_write: want=31, written=31
0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ldap_result ld 43B028 msgid 1
ldap_chkResponseList ld 43B028 msgid 1 all 1
ldap_chkResponseList returns ld 43B028 NULL
wait4msg ld 43B028 msgid 1 (infinite timeout)
wait4msg continue ld 43B028 msgid 1 all 1
** ld 43B028 Connections:
* host: adtest.altdomain2000.psccos.com port: 389 (default)
refcnt: 2 status: Connected
last used: Thu Oct 5 21:34:49 2006


** ld 43B028 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** ld 43B028 Response Queue:
   Empty
ldap_chkResponseList ld 43B028 msgid 1 all 1
ldap_chkResponseList returns ld 43B028 NULL
ldap_int_select
read1msg: ld 43B028 msgid 1 all 1
ber_get_next
ldap_read: want=8, got=8
  0000:  30 84 00 00 00 16 02 01                            0.......
ldap_read: want=20, got=20
  0000:  01 78 84 00 00 00 0d 30  84 00 00 00 07 0a 01 02   .x.....0........
  0010:  04 00 04 00                                        ....
ber_get_next: tag 0x30 len 22 contents:
ber_dump: buf=0x0043ec68 ptr=0x0043ec68 end=0x0043ec7e len=22
  0000:  02 01 01 78 84 00 00 00  0d 30 84 00 00 00 07 0a   ...x.....0......
  0010:  01 02 04 00 04 00                                  ......
read1msg: ld 43B028 msgid 1 message type extended-result
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x0043ec68 ptr=0x0043ec6b end=0x0043ec7e len=19
  0000:  78 84 00 00 00 0d 30 84  00 00 00 07 0a 01 02 04   x.....0.........
  0010:  00 04 00                                           ...
read1msg: ld 43B028 0 new referrals
read1msg:  mark request completed, ld 43B028 msgid 1
request done: ld 43B028 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_extended_result
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x0043ec68 ptr=0x0043ec6b end=0x0043ec7e len=19
  0000:  78 84 00 00 00 0d 30 84  00 00 00 07 0a 01 02 04   x.....0.........
  0010:  00 04 00                                           ...
ldap_msgfree
ldap_perror
ldap_start_tls: Decoding error (-4)

------
+-------------------------------+----------------------------------------+
| Dan O'Reilly                  |  "There are 10 types of people in this |
| Principal Engineer            |   world: those who understand binary   |
| Process Software              |   and those who don't."                |
| http://www.process.com        |                                        |
+-------------------------------+----------------------------------------+
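
Added example (not part of the original post and not OpenLDAP code): a small Python BER walker run over the bytes copied from the dumps above. It shows that the request carries the StartTLS OID and that, in the reply, resultCode 2 (protocolError) sits inside an extra SEQUENCE within the ExtendedResponse, where the LDAP ASN.1 (RFC 4511) places the LDAPResult fields directly; that is consistent with the `Decoding error (-4)` at the end of the trace. Function names and the `WELL_FORMED` sample are constructed for illustration.

```python
# Bytes copied from the trace: the 31-byte ber_flush dump (request) and the
# two ldap_read chunks, 8 + 20 bytes, joined (response).
REQUEST = bytes.fromhex("30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 "
                        "2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37")
RESPONSE = bytes.fromhex("30 84 00 00 00 16 02 01 01 78 84 00 00 00 0d 30 "
                         "84 00 00 00 07 0a 01 02 04 00 04 00")
# Constructed sample: a success ExtendedResponse laid out as RFC 4511 defines it.
WELL_FORMED = bytes.fromhex("30 0c 02 01 01 78 07 0a 01 00 04 00 04 00")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one BER element with a one-byte tag."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                      # long form: low 7 bits = length byte count
        n = first & 0x7F
        if n == 0:
            raise ValueError("indefinite length not handled")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:                                 # short form: the byte is the length
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_message(raw):
    """Return (messageID, protocolOp tag, protocolOp fields) of an LDAPMessage."""
    tag, body, _ = read_tlv(raw)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    (_, msgid), (op_tag, op_body) = children(body)[:2]
    return int.from_bytes(msgid, "big"), op_tag, children(op_body)

def starttls_result(raw):
    """Return (resultCode, wrapped); wrapped means an extra SEQUENCE precedes it."""
    _, op_tag, fields = decode_message(raw)
    if op_tag != 0x78:                    # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    wrapped = fields[0][0] == 0x30
    if wrapped:
        fields = children(fields[0][1])
    if fields[0][0] != 0x0A:              # resultCode is an ENUMERATED
        raise ValueError("resultCode not found")
    return int.from_bytes(fields[0][1], "big"), wrapped
```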