[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP clients fail to connect with SSL enabled

On 21/11/10 17:24 -0500, bluethundr wrote:
I am attempting to setup SSL/TLS support on my openLDAP 2.4 server on FreeBSD.

LBSD2# pkg_info | grep openldap
openldap-sasl-client-2.4.23 Open source LDAP client implementation
with SASL2 support
openldap-sasl-server-2.4.23 Open source LDAP server implementation

LBSD2# cat slapd.conf | grep -i tls
## TLS options for slapd
TLSCertificateFile  /usr/local/etc/openldap/cacerts/bsd2.summitnjhome.com.crt
TLSCertificateKeyFile /usr/local/etc/openldap/cacerts/slapd.pem
TLSCACertificateFile  /usr/local/etc/openldap/cacerts/sf_issuing.crt

Connection closed by

[root@VIRTCENT08:/etc/openldap/cacerts]#getent passwd | grep ldapAccount
[same interminable wait as above]

This is what my /etc/ldap.conf file looks like on the client:

[root@VIRTCENT08:/etc/openldap/cacerts]#cat /etc/ldap.conf
base dc=summitnjhome,dc=com
timelimit 120
bind_timelimit 120
idle_timelimit 3600
uri ldap://ldap.summitnjhome.com/
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
pam_password crypt
<commented out lines removed>

Does an ldapsearch -d -1 -ZZ successfully connect?

If so, then that should rule out a problem with your slapd configuration
and ldap client library configuration (the options within your ldap.conf
used by the OpenLDAP client library). In that case, you might focus on your
ldap nss configuration.

Dan White