Re: open LDAP + TLS/SSL bind Failed.
- To: "firstname.lastname@example.org" <email@example.com>
- Subject: Re: open LDAP + TLS/SSL bind Failed.
- From: "vijay s sheelavantar" <firstname.lastname@example.org>
- Date: 19 Sep 2011 09:36:34 -0000
Thank you very much Buchan.
I have changed the certificate creation method. Now I created the certificates using CA.sh of openssl.
I followed the instruction given in the below link to create the certificates.
1. At the server side I am now able to do ldapsearch and ldapadd, as I have changed the /usr/local/etc/openldap/ldap.conf on the server to remove the IP address. I have made the necessary changes in the /etc/hosts file also.
2. slapd.conf details for TLS are as follows
3. I have copied "cacert.pem", which is the CA, and "newcert.pem", which is my server certificate, to the client machine. I have copied these files to the /etc/openldap/cacerts directory on the client machine, and I have made the following configuration changes to the "/etc/ldap.conf" file at the client side.
nss_map_attribute gecos description
When "TLSVerifyClient allow" is specified in slapd.conf, I am able to log in to the client machine properly and authentication is successful. But when "TLSVerifyClient demand" is specified and I try to log in to the client machine, the authentication fails.
I am getting the following error at the server side.
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate.
connection_read(12): TLS accept failure error=-1 id=1005, closing
connection_closing: readying conn=1005 sd=12 for close
connection_close: conn=1005 sd=12
daemon: activity on 1 descriptor
daemon: activity on:
daemon: removing 12
conn=1005 fd=12 closed (TLS negotiation failure)
Please let me know where I am making a mistake. How can I correct this and make it work properly?
Thanks & Regards,
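
An added example, not part of the original message: a small triage script that reads slapd debug output like the trace quoted above, pairs each "TLS accept failure" with the OpenSSL reason logged just before it, and labels the case where the client presented no certificate. The names triage and HINTS are hypothetical, and the pairing assumes the OpenSSL error line directly precedes the failing connection's connection_read line, as it does in the posted log.

```python
import re

# Log lines copied from the message above (slapd debug output).
SAMPLE_LOG = """\
TLS trace: SSL3 alert write:fatal:handshake failure
TLS trace: SSL_accept:error in SSLv3 read client certificate B
TLS: can't accept: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate.
connection_read(12): TLS accept failure error=-1 id=1005, closing
connection_closing: readying conn=1005 sd=12 for close
connection_close: conn=1005 sd=12
conn=1005 fd=12 closed (TLS negotiation failure)
"""

# OpenSSL error string: error:<code>:<library>:<function>:<reason>
OPENSSL_ERR = re.compile(
    r"^TLS: can't accept: error:([0-9A-Fa-f]{8}):[^:]*:([^:]*):(.*?)\.?\s*$")
ACCEPT_FAIL = re.compile(
    r"^connection_read\((\d+)\): TLS accept failure error=-?\d+ id=(\d+)")

# Hypothetical mapping from OpenSSL reason text to an operator-facing hint.
HINTS = {
    "peer did not return a certificate":
        "client sent no certificate although the server demanded one",
}

def triage(log_text):
    """Return one finding per failed TLS accept, with the OpenSSL reason if seen."""
    findings, pending = [], None
    for line in log_text.splitlines():
        m = OPENSSL_ERR.match(line)
        if m:
            pending = m.groups()          # remember until the failure line
            continue
        m = ACCEPT_FAIL.match(line)
        if m:
            code, func, reason = pending or (None, None, None)
            findings.append({
                "conn": int(m.group(2)), "sd": int(m.group(1)),
                "openssl_code": code, "openssl_func": func, "reason": reason,
                "hint": HINTS.get(reason, "unclassified TLS accept failure"),
            })
            pending = None                # do not reuse for a later failure
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On a busy server, debug lines from several connections can interleave, so treat the pairing as a first pass and confirm against the connection id.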