
Re: ssl/tls with libpam-ldap and libnss-ldap debian packages



I tried your configuration and I see with slapd:


connection_get(10): got connid=2
connection_read(10): checking for input on id=2
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:565
connection_read(10): TLS accept error error=-1 id=2, closing
connection_closing: readying conn=2 sd=10 for close
connection_close: conn=2 sd=10



Can you explain?

Nicolas Audhéon wrote:



----- Original Message -----
*From:* Chapman, Kyle <mailto:Kyle_Chapman@G1.com>

*To:* 'Nicolas Audhéon' <mailto:naudheon@noos.fr>

*Sent:* Friday, January 18, 2002 8:55 PM

*Subject:* RE: ssl/tls with libpam-ldap and libnss-ldap debian packages


what error messages are you getting?

what errors do you see with slapd? (try running slapd with -d 1 -h "ldap:/// ldaps:///")

 try:

host ldap.mydomain.com

uri ldaps://ldap.mydomain.com/

basedn dc=mydomain,dc=com

ldap_version 3

pam_password crypt

scope sub

ssl yes

tls_checkpeer no



you must also set these values:

nss_base_* (the ones you need to use at any rate)

    -----Original Message-----
    *From:* Nicolas Audhéon [mailto:naudheon@noos.fr]
    *Sent:* Friday, January 18, 2002 2:32 PM
    *To:* openldap-software@OpenLDAP.org
    *Subject:* Re: ssl/tls with libpam-ldap and libnss-ldap debian packages

    I also tried the following configuration without result.



    --------------
    uri ldaps://ldap.mydomain.com/
    basedn dc=mydomain,dc=com
    ldap_version 3
    pam_password crypt
    ssl yes
    tls_checkpeer no
    -------------

    What's wrong?

        ----- Original Message -----

        *From:* Chapman, Kyle <mailto:Kyle_Chapman@G1.com>

        *To:* 'naudheon' <mailto:naudheon@noos.fr> ; support@padl.com
        <mailto:support@padl.com> ; openldap-software@OpenLDAP.org
        <mailto:openldap-software@OpenLDAP.org>

        *Sent:* Friday, January 18, 2002 5:47 PM

        *Subject:* RE: ssl/tls with libpam-ldap and libnss-ldap debian
        packages


change the port to 389, start_tls doesn't use 636...

        -----Original Message-----
        From: naudheon [mailto:naudheon@noos.fr]
        Sent: Friday, January 18, 2002 11:35 AM
        To: support@padl.com <mailto:support@padl.com>;
        openldap-software@OpenLDAP.org
        <mailto:openldap-software@OpenLDAP.org>
        Subject: ssl/tls with libpam-ldap and libnss-ldap debian packages


        Hi,

        I'm a Debian Woody user.

        I've installed openldap 2.0.21 with SSL/TLS support (from tarball, not
        debian package) and it works fine.

        I use ldap to authenticate users on my office network and as a common
        directory.

        Secure connections work fine with Netscape messenger, Outlook Express,
        Mozilla messenger.

        I've installed libpam-ldap (v.134) and libnss-ldap (v.174) packages
        (from Woody distribution) and it works fine again without ssl/tls
        activation.

        I get no result when I try to activate ssl/tls in the pam_ldap and
        libnss_ldap configuration files.

        I (re-)compiled the packages with the enable-ssl option.

        My pam_ldap.conf and libnss_ldap.conf are the same file and look
        like:

        ---------

        host ldap.mydomain.com

        basedn dc=mydomain,dc=com

        ldap_version 3

        pam_password crypt

        port 636

        ssl start_tls

        tls_checkpeer no

        ---------


        I've tried many things without any result.

        No logs helped me.

        Has anybody tried ssl with Debian nss pam ldap packages?

        Thank you for your help and your time.

        Nicolas Audheon.
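As an added example (not code from this thread or from the pam_ldap/nss_ldap projects), a small Python checker for the two mismatches discussed above: `ssl start_tls` aimed at port 636, and `ssl yes` without an ldaps:// URI, plus the `tls_checkpeer no` caveat and the `unknown protocol` error that slapd printed. The sample configs and log excerpt are constructed from the thread, and the rules are a reading of the thread, not pam_ldap's own parser.

```python
# Constructed from the thread: the start_tls-on-636 config and the suggested ldaps config.
CONF_START_TLS_ON_636 = """\
host ldap.mydomain.com
port 636
ssl start_tls
tls_checkpeer no
"""
CONF_LDAPS = """\
uri ldaps://ldap.mydomain.com/
ssl yes
tls_checkpeer no
"""
# Constructed excerpt of the slapd -d 1 output quoted in the thread.
SLAPD_LOG = """\
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:565
connection_read(10): TLS accept error error=-1 id=2, closing
"""

def parse_conf(text):
    """Parse pam_ldap.conf / libnss_ldap.conf style 'key value' lines into a dict."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        conf[key.lower()] = value.strip()
    return conf

def check_tls_config(conf):
    """Return (severity, message) findings for the ssl / port / uri combination."""
    findings = []
    mode = conf.get("ssl", "no").lower()
    uri = conf.get("uri", "")
    scheme = uri.split("://", 1)[0].lower() if "://" in uri else ""
    if mode == "start_tls" and (conf.get("port") == "636" or scheme == "ldaps"):
        # StartTLS upgrades a plaintext LDAP session in-band; a 636/ldaps listener expects TLS first.
        findings.append(("error", "ssl start_tls pointed at the ldaps port (636): use port 389"))
    if mode == "yes" and scheme == "ldap":
        findings.append(("error", "ssl yes speaks TLS from the first byte: use an ldaps:// URI"))
    if conf.get("tls_checkpeer", "").lower() == "no":
        findings.append(("warning", "tls_checkpeer no: the server certificate is never verified"))
    return findings

def diagnose_slapd_log(log):
    """Map the TLS accept failure seen in slapd -d 1 output to its likely cause."""
    # OpenSSL reports 'unknown protocol' when the first bytes on the socket are not a TLS/SSL hello.
    if "GET_CLIENT_HELLO:unknown protocol" in log:
        return "client sent non-TLS bytes to the TLS listener (plaintext LDAP or StartTLS on port 636?)"
    return None
```

Run `check_tls_config(parse_conf(open("/etc/pam_ldap.conf").read()))` against a real file to get the same findings; the warning on `tls_checkpeer no` is the one to act on once the handshake itself works, since without peer verification the client cannot tell the real server from an impostor.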