OpenLDAP client and SSL handshake
I am using OpenLDAP as a client to connect to a 3rd party Oracle
Internet Directory 10g.
After recent updates, I have been unable to successfully bind with the
LDAP server. I believe this is an error with the SSL handshake because
the following command will not negotiate an SSL protocol:
$ openssl s_client -connect HOST:636
While adding the -no_tls1 flag will:
$ openssl s_client -connect HOST:636 -no_tls1
When I attempt to connect to the server using ldapsearch, I receive the
$ ldapsearch -d7 -x -H ldaps://HOST:636 -D "BIND_DN" -W
ldap_new_connection 1 1 0
ldap_connect_to_host: TCP HOST:636
ldap_connect_to_host: Trying HOST_IP:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: could not add the certificate (null) - error -8018:Unknown PKCS #11
TLS: /etc/openldap/cacerts/addtrust-ca.crt is not a valid CA certificate
file - error -8018:Unknown PKCS #11 error..
TLS: could perform TLS system initialization.
TLS: error: could not initialize moznss security context - error
-8018:Unknown PKCS #11 error.
TLS: can't create ssl handle.
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
TLS: could not shutdown NSS - error -8053:NSS could not shutdown.
Objects are still in use..
Is there a way, either through the ldap.conf, an environment variable,
or through the API, to ignore the TLS portion of the handshake? Am I
mistaken and something else is wrong here?
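As an added triage helper (not part of the original post, nor OpenLDAP's own code), the function below reads a ldapsearch -d trace like the one quoted above and reports whether the failure happened while loading the local CA file, while initialising the NSS context, or later during the handshake with the server; in the quoted trace the CA file is rejected before any handshake takes place. The sample trace is constructed from the post, and the "TLS: can't connect" pattern used for handshake failures is an assumption.

```python
import re

# Constructed sample modelled on the ldapsearch -d7 trace quoted in the post (not a real capture).
SAMPLE_TRACE = """\
ldap_new_connection 1 1 0
ldap_connect_to_host: TCP HOST:636
ldap_connect_to_host: Trying HOST_IP:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: could not add the certificate (null) - error -8018:Unknown PKCS #11 error.
TLS: /etc/openldap/cacerts/addtrust-ca.crt is not a valid CA certificate file - error -8018:Unknown PKCS #11 error..
TLS: error: could not initialize moznss security context - error -8018:Unknown PKCS #11 error.
TLS: can't create ssl handle.
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
TLS: could not shutdown NSS - error -8053:NSS could not shutdown. Objects are still in use..
"""

# NSS (moznss) error codes appear in the trace as "error -NNNN:description".
NSS_ERR_RE = re.compile(r"error (-\d+):")
# "TLS: <path> is not a valid CA certificate file" names the file NSS refused to load.
BAD_CA_RE = re.compile(r"^TLS: (\S+) is not a valid CA certificate file")

# Earlier stages win: a rejected trust store explains every later TLS line.
STAGE_RANK = {"none": 0, "handshake": 1, "context-init": 2, "trust-store": 3}

def triage_tls_trace(trace):
    """Classify where TLS setup failed in an OpenLDAP client debug trace.

    stage: trust-store   local CA file could not be loaded (nothing sent to the server yet)
           context-init  NSS security context failed for another reason
           handshake     connection reached the server but TLS negotiation failed
           none          no TLS error lines found
    """
    result = {"stage": "none", "nss_error_codes": [], "bad_ca_files": [], "bind_failed": False}
    codes = set()
    for line in trace.splitlines():
        if line.startswith("ldap_sasl_bind") and "Can't contact LDAP server" in line:
            result["bind_failed"] = True
        if not line.startswith("TLS:"):
            continue
        codes.update(int(c) for c in NSS_ERR_RE.findall(line))
        stage = "none"
        m = BAD_CA_RE.match(line)
        if m:
            result["bad_ca_files"].append(m.group(1))
            stage = "trust-store"
        elif "could not initialize moznss security context" in line:
            stage = "context-init"
        elif line.startswith("TLS: can't connect"):  # assumed handshake-failure message
            stage = "handshake"
        if STAGE_RANK[stage] > STAGE_RANK[result["stage"]]:
            result["stage"] = stage
    result["nss_error_codes"] = sorted(codes)
    return result
```

Running it on the quoted trace gives stage trust-store with /etc/openldap/cacerts/addtrust-ca.crt as the rejected file, which points at the local certificate store rather than at the protocol version the server negotiates.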