
Problem with ldaps:// when switching from 2.3 to 2.4

I have two machines. On the first there is no problem connecting to the LDAP server (IBM Directory Server).
The first machine is RedHat RHEL5 Client, the second is Ubuntu karmic 9.10.

First machine looks like this:

<root@trog /etc/openldap># uname -a
Linux trog.krakow.pl.ibm.com 2.6.30 #1 SMP Fri Jun 26 08:44:06 CEST 2009 i686 i686 i386 GNU/Linux
<root@trog /etc/openldap># rpm -qa |grep ldap
<root@trog /etc/openldap># cat ldap.conf
# LDAP Defaults

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERT /etc/openldap/cacerts/bp.cert

On the second the configuration is:

root@xwing:/etc/ldap# uname -a
Linux xwing 2.6.31-server #1 SMP Thu Oct 1 11:55:18 CEST 2009 i686 GNU/Linux
root@xwing:/etc/ldap# dpkg -l |grep ldap
ii  ldap-utils                                 2.4.15-1ubuntu3                           OpenLDAP utilities
ii  libldap-2.4-2                              2.4.15-1ubuntu3                           OpenLDAP libraries
root@xwing:/etc/ldap# cat ldap.conf
# LDAP Defaults

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERT /etc/ldap/cacerts/bp.cert

When I start the ldapsearch on the second machine, I get the error:

root@xwing:/etc/ldap# ldapsearch -d5 -x -H ldaps://myldapserver.com
ldap_new_connection 1 1 0
ldap_connect_to_host: TCP myldapserver.com:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: can't connect: A TLS packet with unexpected length was received..
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

What is more... when using ldap:// instead of ldaps:// on the second machine
everything works perfectly, but since it's not a secured connection I cannot
accept that solution.

The ldapsearch works fine on the first machine for both secure and insecure connections.

Can anyone help?

Tomasz 'Trog' Welman
Software Developer
external: 48-12-628-9449
ITN: 34819449
T/L: 9449

IBM SWG Lab, Krakow, Poland
IBM Polska Sp. z o.o., Krakow branch
ul. Armii Krajowej 18, 30-150 Kraków
NIP: 526-030-07-24, KRS 0000012941
Share capital: 33.000.000 PLN
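The post does not say why the handshake fails; the one visible difference between the two hosts is the client-side TLS configuration (the TLS_CACERT path), and the error text "A TLS packet with unexpected length was received" is GnuTLS's wording, so the Ubuntu libldap is built against GnuTLS while the RHEL5 build uses OpenSSL. Before debugging the server, it is worth checking what the client actually trusts. The script below is an added example, not code from the original post or from OpenLDAP: it parses the ldap.conf(5) format shown above, expands the URI list with the default ports ldapsearch printed in its debug output (636 for ldaps, 389 for ldap), and audits the TLS options an ldaps:// connection depends on (TLS_REQCERT, whose default is demand, and whether TLS_CACERT points at a readable PEM file). The sample config and certificate bytes are constructed; `read_sample` is a stand-in for reading files from disk.

```python
"""Audit the TLS-related client settings in an OpenLDAP ldap.conf(5).

Added example (not from the original post). The config text and the
certificate bytes below are constructed stand-ins for the real files.
"""
import re
from urllib.parse import urlsplit

# ldap.conf(5): one "OPTION value" per line, '#' starts a comment.
_LINE_RE = re.compile(r"^\s*([A-Za-z_]+)\s+(.*?)\s*$")

# Constructed config mirroring the shape of the one in the post.
SAMPLE_CONF = """\
# LDAP Defaults
#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
TLS_CACERT /etc/ldap/cacerts/bp.cert
"""

# Constructed stand-ins for files on disk, keyed by path.
SAMPLE_FILES = {
    "/etc/ldap/cacerts/bp.cert": (
        b"-----BEGIN CERTIFICATE-----\nMIIB...\n-----END CERTIFICATE-----\n"
    ),
    # An ASN.1 SEQUENCE header, i.e. a DER-encoded file, not PEM.
    "/etc/ldap/cacerts/der.cert": b"\x30\x82\x03\x10\x30\x82\x01\xf8",
}


def read_sample(path):
    """Hypothetical file reader over SAMPLE_FILES; raises like open() would."""
    try:
        return SAMPLE_FILES[path]
    except KeyError:
        raise FileNotFoundError(path)


def parse_ldap_conf(text):
    """Return {OPTION: value} for the active (non-comment, non-blank) lines."""
    settings = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _LINE_RE.match(line)
        if m:
            settings[m.group(1).upper()] = m.group(2)
    return settings


def ldaps_targets(uri_value):
    """Expand a space-separated URI list into (scheme, host, port) triples,
    filling the defaults ldapsearch used in its debug output."""
    out = []
    for uri in uri_value.split():
        parts = urlsplit(uri)
        default = 636 if parts.scheme == "ldaps" else 389
        out.append((parts.scheme, parts.hostname, parts.port or default))
    return out


def classify_cert_bytes(data):
    """Heuristic format check: PEM if a BEGIN CERTIFICATE marker is present,
    DER if the file starts with an ASN.1 SEQUENCE tag, otherwise unknown."""
    if b"-----BEGIN CERTIFICATE-----" in data:
        return "pem"
    if data[:1] == b"\x30":
        return "der"
    return "unknown"


def audit_tls(settings, read_file):
    """Report what an ldaps:// connection would rely on from this config."""
    findings = []
    # ldap.conf(5): TLS_REQCERT defaults to "demand" (server cert must verify).
    reqcert = settings.get("TLS_REQCERT", "demand").lower()
    if reqcert in ("never", "allow"):
        findings.append("TLS_REQCERT %s: server certificate is not verified" % reqcert)

    cacert = settings.get("TLS_CACERT")
    cacertdir = settings.get("TLS_CACERTDIR")
    status = "unset"
    if cacert:
        try:
            status = classify_cert_bytes(read_file(cacert))
        except FileNotFoundError:
            status = "missing"
        if status == "missing":
            findings.append("TLS_CACERT %s not found" % cacert)
        elif status != "pem":
            # Both the OpenSSL and GnuTLS backends load TLS_CACERT as PEM.
            findings.append("TLS_CACERT %s is %s, not PEM" % (cacert, status))
    elif not cacertdir and reqcert == "demand":
        findings.append("no TLS_CACERT/TLS_CACERTDIR while TLS_REQCERT is demand: "
                        "ldaps:// verification cannot succeed")
    return {"reqcert": reqcert, "cacert_status": status, "findings": findings}


if __name__ == "__main__":
    conf = parse_ldap_conf(SAMPLE_CONF)
    print(ldaps_targets("ldaps://myldapserver.com ldap://ldap-master.example.com:666"))
    print(audit_tls(conf, read_sample))
```

To run it against a real host, replace `read_sample` with a small wrapper around `open(path, "rb").read()` and feed it the contents of /etc/ldap/ldap.conf; a finding of "missing" or "der, not PEM" on TLS_CACERT is something to fix on the client before looking at the server side.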