[Date Prev][Date Next]
Re: TLS problem
On 01/29/13 10:22 +0200, Chris wrote:
I am running Openldap 2.4.23 on RHEL6. I can telnet to the server on both
389 636 ports. I can do a ldapsearch and ldapadd without any errors. I
get this error when I start the slapd daemon.
/ldap_start_tls_s() failed: Can't contact LDAP server: Transport
endpoint is not connected (uri="ldap://ldapserver")//
//failed to bind to LDAP server ldap://ldapserver: Can't contact LDAP
server: Transport endpoint is not connected/
I don't understand why you are receiving this error while starting slapd.
Where are you seeing this error?
What command line options are you starting slapd with?
When I do a ldapsearch -x -d1 -Z -b 'dc=flamengro,dc=co,dc=za'
I get the following error
/TLS: certificate [//CA certificate details omitted here...] is not
valid - error -8172:Peer's certificate issuer has been marked as not
trusted by the user..//
//TLS: error: connect - force handshake failure: errno 0 - moznss error
//TLS: can't connect: TLS error -8172:Peer's certificate issuer has been
marked as not trusted by the user..//
//ldap_start_tls: Connect error (-11)//
// additional info: TLS error -8172:Peer's certificate issuer has
been marked as not trusted by the user/
You have a certificate trust issue. In your above command, you are not
specifying a hostname, which means that you're apparently using the hostname
specified in your ldap.conf. Verify that's actually a hostname, and not an
IP address. Check that the hostname matches the contents of your
certificate, and that the certificate's signer is trusted by your moznss
library (on your client).
Any help will be appreciated.
This is my slapd.conf file
checkpoint 1024 15
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# allow only rootdn to read the monitor
access to *
by dn.exact="cn=Manager,dc=flamengro,dc=co,dc=za" read
by * none
access to attrs=userPassword,shadowLastChange
by anonymous auth
by self write
by * none