
Re: Can't use SSL session



"Dan O'Reilly" <dano@process.com> writes:

> Using ldapsearch on a VMS system to attempt to do a directory lookup
> using SSL to a non-OpenLDAP directory on another system.  I verified
> the root CA certificate is correct using:
>
> $ openssl s_client -connect adtest:636 "-CAfile" test_root_ca.pem
>
> My LDAP.CONF file contains:
>
> TLS_CHECKPEER   no
> BIND_POLICY     soft
> TLS_REQCERT     never
> TLS_CACERT      RAPTOR$DKA0:[OREILLY.KEYS]TEST_ROOT_CA.PEM
>
> What happens is below:
>
> $ ldapsearch   "-ZZ" -p 636 -d 255 -s base -x -w xxxxxxxxx -v "-D"

The -ZZ option initialises an ldap_starttls request, while the server
listening on port 636 presents the certificate without starttls.
You either do an ldapsearch to port 636 without starttls, or to port
389 with starttls.

-Dieter


-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
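Added example (not part of the thread, and not OpenLDAP code): a small BER-level classifier that shows the difference Dieter describes. On port 636 the server expects a TLS record as the very first bytes (ldaps); `-ZZ` instead opens a plaintext LDAP connection and sends an ExtendedRequest carrying the StartTLS OID 1.3.6.1.4.1.1466.20037, which an ldaps listener cannot make sense of. The script builds that StartTLS request and a plain anonymous bind from scratch, embeds a constructed TLS ClientHello record header, and classifies what a client's first bytes are. The function and constant names, and the sample byte strings, are this example's own.

```python
# Added example: classify the first bytes a client sends on an LDAP port as
# "ldaps" (TLS first), "starttls" (plaintext LDAP + StartTLS extended request,
# which is what `ldapsearch -ZZ` sends), "bind" (plain LDAP bind) or "unknown".
# Not OpenLDAP code; the byte samples below are constructed for this example.

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # RFC 4511 StartTLS extended operation

# Constructed TLS record header: content type 22 (handshake), version 3.1,
# record length, then handshake type 1 (ClientHello) and its length.
TLS_CLIENT_HELLO_PREFIX = b"\x16\x03\x01\x00\x2c\x01\x00\x00\x28"


def _ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, payload: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + _ber_len(len(payload)) + payload


def build_starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }
    with the StartTLS OID, i.e. what -ZZ sends over a plaintext socket."""
    msg_id = _tlv(0x02, bytes([message_id]))                 # INTEGER messageID
    request_name = _tlv(0x80, STARTTLS_OID.encode("ascii"))  # [0] LDAPOID
    extended_req = _tlv(0x77, request_name)                  # APPLICATION 23, constructed
    return _tlv(0x30, msg_id + extended_req)                 # SEQUENCE (LDAPMessage)


def build_simple_bind(message_id: int = 1, dn: str = "") -> bytes:
    """LDAPv3 anonymous simple bind, for comparison with the StartTLS request."""
    msg_id = _tlv(0x02, bytes([message_id]))
    version = _tlv(0x02, b"\x03")                            # INTEGER version 3
    name = _tlv(0x04, dn.encode("utf-8"))                    # OCTET STRING LDAPDN
    auth = _tlv(0x80, b"")                                   # simple [0] OCTET STRING
    bind_req = _tlv(0x60, version + name + auth)             # APPLICATION 0, constructed
    return _tlv(0x30, msg_id + bind_req)


def _ber_read(buf: bytes, pos: int):
    """Decode one TLV at buf[pos:]; return (tag, value, position after it)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                                        # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def classify_first_bytes(data: bytes) -> str:
    """Return 'ldaps', 'starttls', 'bind', 'extended' (other extended op) or 'unknown'."""
    # A TLS handshake record (ClientHello) is what an ldaps listener on 636 expects.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "ldaps"
    # Plaintext LDAP always starts with a SEQUENCE (the LDAPMessage envelope).
    if not data or data[0] != 0x30:
        return "unknown"
    try:
        _, body, _ = _ber_read(data, 0)                      # LDAPMessage
        tag, _, pos = _ber_read(body, 0)                     # messageID
        if tag != 0x02:
            return "unknown"
        op_tag, op_body, _ = _ber_read(body, pos)            # protocolOp
        if op_tag == 0x77:                                   # ExtendedRequest
            name_tag, name, _ = _ber_read(op_body, 0)
            if name_tag == 0x80 and name.decode("ascii", "replace") == STARTTLS_OID:
                return "starttls"
            return "extended"
    except IndexError:                                       # truncated message
        return "unknown"
    if op_tag == 0x60:                                       # BindRequest
        return "bind"
    return "unknown"


if __name__ == "__main__":
    for label, sample in (("ldapsearch -ZZ", build_starttls_request()),
                          ("plain bind", build_simple_bind()),
                          ("TLS-first (ldaps)", TLS_CLIENT_HELLO_PREFIX)):
        print(f"{label:18s} {sample[:8].hex()}  -> {classify_first_bytes(sample)}")
```

Run against the first client bytes of a captured connection, this is the quick check for the mismatch in the thread: a "starttls" result on a port 636 listener means the client was told to StartTLS where the server speaks TLS from the first byte, and the fix is either ldaps on 636 without -ZZ or ldap on 389 with -ZZ.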