[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Still getting TLS errors with 2.3.11

> If I run ldapsearch from another machine which has another version of
> openldap that is not 2.3.11 nor 2.3.10, then it works.

So this is against your 2.3.11 slapd, 2.3.11 ldapsearch -ZZ fails while
<2.3.10 connects OK (2.3.11 server held constant)?

Do you have identical ldap.conf and/or .ldaprc on the 2.3.11 machines, and
of course identical file contents referenced? Also, your logs are from
slapd -d -1 (which is a good debugging step), but you might want to try a
ldapsearch -d -1 too so we can see the other side of the equation.

The "telnet" seems to me a bad example, I'm pretty sure that will get
"TLS: can't accept" in all situations. (Unless you know how to perform a
TLS handshake by hand.)