
Re: Can't get TLS working.



Using truss, I see that ldapsearch looks for ldap.conf in the right place.

# truss ldapsearch -Z -h ldap.domain.com
.................
open("/etc/hosts",O_RDONLY,0666)                 = 3 (0x3)
fstat(3,{ mode=-rw-r--r-- ,inode=49352,size=274,blksize=4096 }) = 0 (0x0)
read(3,"::1\t\t\tlocalhost localhost.dom"...,4096) = 274 (0x112)
close(3)                                         = 0 (0x0)
open("/usr/local/etc/openldap/ldap.conf",O_RDONLY,0666) = 3 (0x3)
        <----------------------- here it is - this file has no variables defined
fstat(3,{ mode=-rw-r--r-- ,inode=219345,size=245,blksize=4096 }) = 0 (0x0)
read(3,"#\n# LDAP Defaults\n#\n\n# See l"...,4096) = 245 (0xf5)
read(3,0x801325000,4096)                         = 0 (0x0)
close(3)                                         = 0 (0x0)
geteuid(0x0,0x801300398,0x2,0x514c50,0x514c50,0x801300000) = 0 (0x0)
getuid(0x0,0x801300398,0x2,0x80102a6ac,0xffffffff80b6a880,0x7fffffffe048) = 0 (0x0)
open("/root/ldaprc",O_RDONLY,0666)               ERR#2 'No such file or directory'
open("/root/.ldaprc",O_RDONLY,0666)              ERR#2 'No such file or directory'
open("ldaprc",O_RDONLY,0666)                     ERR#2 'No such file or directory'
open("/usr/local/etc/ldap.conf",O_RDONLY,0666)   = 3 (0x3)
     <----------------------- here it is - this file has all configuration including certificates
fstat(3,{ mode=-r--r--r-- ,inode=220275,size=9338,blksize=4096 }) = 0 (0x0)
read(3,"# @(#)$Id: ldap.conf,v 1.38 2006"...,4096) = 4096 (0x1000)
read(3,"change\n# extended operation to "...,4096) = 4096 (0x1000)
read(3,"rver certificate verification\n#"...,4096) = 1146 (0x47a)
read(3,0x801325000,4096)                         = 0 (0x0)
close(3)                                         = 0 (0x0)
sigaction(SIGPIPE,{ SIG_IGN SA_RESTART ss_t },{ SIG_DFL 0x0 ss_t }) = 0 (0x0)
stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=49395,size=350,blksize=4096 }) = 0 (0x0)
open("/etc/hosts",O_RDONLY,0666)                 = 3 (0x3)
fstat(3,{ mode=-rw-r--r-- ,inode=49352,size=274,blksize=4096 }) = 0 (0x0)
read(3,"::1\t\t\tlocalhost localhost.dom"...,4096) = 274 (0x112)
read(3,0x80133e000,4096)                         = 0 (0x0)
close(3)                                         = 0 (0x0)
........................

2010/9/16 Dieter Kluenter <dieter@dkluenter.de>:
> c0re <nr1c0re@gmail.com> writes:
>
>> I tried to test with ldapsearch, but it ignores ldap.conf somehow
>> (where CA certificate defined) and I always receive
>>         additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)
>> Tried with ldapsearch -Z -d 1 -h ldap.domain.com
> [...]
>
> ldapsearch is not ignoring ldap.conf, it always looks for this file
> either in the built-in path, or the environment variables LDAPRC and
> LDAPCONF. It seems you have placed ldap.conf in a non-appropriate
> directory.
>
> -Dieter
>
> --
> Dieter Klünter | Systemberatung
> sip: 7770535@sipgate.de
> http://www.dpunkt.de/buecher/2104.html
> GPG Key ID:8EF7B6C6
>
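
Added example, not part of the original messages: a small Python check that follows the approach in this thread, pulling the ldap.conf/ldaprc open() calls out of a truss trace and reporting which of the successfully opened files set TLS_CACERT or TLS_CACERTDIR. The function names and the file contents are assumptions constructed for illustration; the trace lines are copied from the message above.

```python
import re

# truss prints open() as: open("path",flags,mode) then "= fd" or "ERR#n".
OPEN_RE = re.compile(r'open\("([^"]+)",[^)]*\)\s+(=\s*\d+|ERR#\d+)')
CONF_NAMES = ("ldap.conf", "ldaprc", ".ldaprc")
CA_KEYS = ("TLS_CACERT", "TLS_CACERTDIR")  # OpenLDAP client CA options


def opened_configs(trace):
    """Return [(path, opened_ok)] for LDAP client config files in a trace."""
    seen = []
    for path, result in OPEN_RE.findall(trace):
        if path.rsplit("/", 1)[-1] in CONF_NAMES:
            seen.append((path, result.startswith("=")))
    return seen


def ca_settings(conf_text):
    """Return {OPTION: value} for CA options set in ldap.conf-style text."""
    found = {}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or option without a value
        key = parts[0].upper()  # option names are case-insensitive
        if key in CA_KEYS:
            found[key] = parts[1].strip()
    return found


def report(trace, read_file):
    """Map each successfully opened config file to the CA options it sets."""
    return {p: ca_settings(read_file(p)) for p, ok in opened_configs(trace) if ok}


# open() lines copied from the trace in the message above.
TRACE = '''\
open("/usr/local/etc/openldap/ldap.conf",O_RDONLY,0666) = 3 (0x3)
open("/root/ldaprc",O_RDONLY,0666)               ERR#2 'No such file or directory'
open("/usr/local/etc/ldap.conf",O_RDONLY,0666)   = 3 (0x3)
'''
# Constructed file contents (not the poster's files); the CA path is a placeholder.
FILES = {
    "/usr/local/etc/openldap/ldap.conf": "#\n# LDAP Defaults\n#\n#BASE dc=example,dc=com\n",
    "/usr/local/etc/ldap.conf": "# comment\ntls_cacert /path/to/ca.pem\n",
}
if __name__ == "__main__":
    for path, settings in report(TRACE, FILES.__getitem__).items():
        print(path, settings or "no TLS_CACERT/TLS_CACERTDIR set")
```

To check real files instead of the constructed ones, pass `lambda p: open(p).read()` as `read_file`.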