[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: why LDAP and LDAPS was opened contemporary

To: owen nirvana <freeespeech@gmail.com>
Subject: Re: why LDAP and LDAPS was opened contemporary
From: Indexer <indexer@internode.on.net>
Date: Fri, 2 Jul 2010 12:54:37 +0930
Cc: openldap-technical@openldap.org
In-reply-to: <AANLkTikLWp9B_Kg12FxOw9_BN8-XSovM_LJHk-Xq6Ifl@mail.gmail.com>
References: <AANLkTikLWp9B_Kg12FxOw9_BN8-XSovM_LJHk-Xq6Ifl@mail.gmail.com>

On 02/07/2010, at 12:49 PM, owen nirvana wrote:

> I set tls options to use ldaps.

When using TLS you dont need LDAPS, you want to set your systems to ldap://ldap.server

> 
> question 1:
> port 389 is opened yet when I scan the LDAP Server by nmap, but I could not
> connect it with Apache Directory Studio v1.5.3.
> 
> question 2:
> Nmap tell me "server still supports SSLv2", but I set TLSCipherSuite is
> HIGH:MEDIUM:-SSLv2
> 
> question 3:
> I try to import some data with ldapmodify
> 
> ldapmodify -a -H ldap://mydomain.org:636 -D "cn=admin,dc=mydomain,dc=org" -x
> -w whatever -f init.ldif

Try adding the -Z flag to turn on encryption. Your servers CN on the certificate must also match the hostname of the server.

> 
> the following is error report:
> 
> ldap_start_tls : Can't Contact LDAP Server(-1)
>    addition info: error: 14000092: SSL Routine: SSL3_GET_CERTFICATE:
> certificate verify failed
> 
> ldap_sasl_bind(Simple): Can't Contact LDAP Server(-1)
> 
> 
> gtalk:freeespeech@gmail.com <gtalk%3Afreeespeech@gmail.com>

Follow-Ups:
- Re: why LDAP and LDAPS was opened contemporary
  - From: owen nirvana <freeespeech@gmail.com>

References:
- why LDAP and LDAPS was opened contemporary
  - From: owen nirvana <freeespeech@gmail.com>

Prev by Date: why LDAP and LDAPS was opened contemporary
Next by Date: Re: why LDAP and LDAPS was opened contemporary
Index(es):
- Chronological
- Thread