
tls issues with clients



I'm pretty confused, because my clients are set up with almost identical configs, and the server (localhost) and one of my client PCs can connect and use SSL (ldapsearch -H ldaps://heracross.corpedia.internal/ -b dc=corpedia,dc=internal -x -Z), and it returns the correct results, and I can see it using TLS in the slapd log.


I copied the same configs to both boxes

/etc/ldap.conf
----
#host heracross.corpedia.internal

base dc=corpedia,dc=internal
uri heracross.corpedia.internalheracross.corpedia.internal ldap://heracross.corpedia.internal/
binddn cn=root,dc=corpedia,dc=internal
bindpw *****************
scope sub
bind_policy hard
nss_base_passwd         dc=corpedia,dc=internal?sub
nss_base_shadow         dc=corpedia,dc=internal?sub
nss_base_group          dc=corpedia,dc=internal?sub
pam_password md5

ssl yes
tls_cacertdir /etc/openldap/cacerts
-----



I see the following in my slapd error log as I connect from one of the nonworking boxes:

root@kyle-laptop:/etc/ldap# ldapsearch -H ldaps://heracross.corpedia.internal/ -b dc=corpedia,dc=internal -x -Z
ldap_start_tls: Can't contact LDAP server (-1)
ldap_bind: Can't contact LDAP server (-1)
-----
connection_get(14): got connid=25
connection_read(14): checking for input on id=25
TLS trace: SSL_accept:before/accept initialization
TLS: can't accept.
connection_read(14): TLS accept failure error=-1 id=25, closing
connection_closing: readying conn=25 sd=14 for close
connection_close: conn=25 sd=14
-----

Here is a nopaste link for my slapd.conf file:
http://rafb.net/p/NHjV1a33.html



--
Kyle Corupe

Unix Administrator
Corpedia Corporation
2020 North Central Avenue, Suite 1050
Phoenix, Arizona 85004-4576
Desk:(602)443-2148
Cell: (623)261-2874
kcorupe@corpedia.com