
Problem with ldaps:// when switching from 2.3 to 2.4



I have two machines; on the first there is no problem connecting to the LDAP server (IBM Directory Server).
The first machine is a RedHat RHEL5 client, the second is Ubuntu Karmic 9.10.


First machine looks like this:

<root@trog /etc/openldap># uname -a
Linux trog.krakow.pl.ibm.com 2.6.30 #1 SMP Fri Jun 26 08:44:06 CEST 2009 i686 i686 i386 GNU/Linux
<root@trog /etc/openldap># rpm -qa |grep ldap
python-ldap-2.2.0-2.1
openldap-2.3.43-3.el5
openldap-devel-2.3.43-3.el5
nss_ldap-253-21.el5
mozldap-6.0.5-1.el5
openldap-clients-2.3.43-3.el5
openldap-compat-2.1.30-1.oc2
<root@trog /etc/openldap># cat ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERT /etc/openldap/cacerts/bp.cert


On the second the configuration is:

root@xwing:/etc/ldap# uname -a
Linux xwing 2.6.31-server #1 SMP Thu Oct 1 11:55:18 CEST 2009 i686 GNU/Linux
root@xwing:/etc/ldap# dpkg -l |grep ldap
ii  ldap-utils                                 2.4.15-1ubuntu3                           OpenLDAP utilities
ii  libldap-2.4-2                              2.4.15-1ubuntu3                           OpenLDAP libraries
root@xwing:/etc/ldap# cat ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERT /etc/ldap/cacerts/bp.cert


When I start the ldapsearch on the second machine, I get the error:

root@xwing:/etc/ldap# ldapsearch -d5 -x -H ldaps://myldapserver.com
ldap_url_parse_ext(ldaps://myldapserver.com)
ldap_create
ldap_url_parse_ext(ldaps://myldapserver.com:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP myldapserver.com:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 9.17.186.253:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: can't connect: A TLS packet with unexpected length was received..
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)


What is more, when using ldap:// instead of ldaps:// on the second machine
everything works perfectly, but since it is not a secured connection I cannot
accept that solution.

The ldapsearch works fine on the first machine for both secure and insecure connections.


Can anyone help?


--
Tomasz 'Trog' Welman
Software Developer
external: 48-12-628-9449
ITN: 34819449
T/L: 9449

IBM SWG Lab, Krakow, Poland
IBM Polska Sp. z o.o. oddział w Krakowie
ul. Armii Krajowej 18, 30-150 Kraków
NIP: 526-030-07-24, KRS 0000012941
Kapitał zakładowy: 33.000.000 PLN
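The "TLS: can't connect: A TLS packet with unexpected length was received" line above is the TLS library's wording for getting back something other than a complete TLS record during the handshake; it does not show what the server actually sent. The probe below, an added example that is not part of the original post or of OpenLDAP, talks to port 636 without any LDAP library: it sends a minimal TLS 1.0 ClientHello and classifies the first bytes that come back (ServerHello, TLS alert, a plain-LDAP BER PDU, or a closed connection), which is the raw fact you want before comparing the GnuTLS-linked Ubuntu client with the OpenSSL-linked RHEL one. The host name `myldapserver.com` is taken from the post; the three sample replies are constructed by hand for the offline self-check, not captured from any real server.

```python
"""Raw TLS probe for an LDAPS port: what does the server answer to a ClientHello?

Added example, not from the original mailing-list post or from OpenLDAP.
Usage: python ldaps_probe.py myldapserver.com [port]
With no arguments it classifies three constructed sample replies instead.
"""
import os
import socket
import struct
import sys

TLS_ALERT = 0x15
TLS_HANDSHAKE = 0x16

ALERT_NAMES = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 47: "illegal_parameter",
    48: "unknown_ca", 70: "protocol_version", 80: "internal_error",
}
VERSION_NAMES = {"3.0": "SSL 3.0", "3.1": "TLS 1.0", "3.2": "TLS 1.1", "3.3": "TLS 1.2"}


def build_client_hello():
    """TLS 1.0 ClientHello with three classic RSA suites and no extensions.

    Kept small and extension-free so that even an old server answers with
    something we can classify (a ServerHello or at least an alert)."""
    suites = bytes.fromhex("002f0035000a")  # AES128-SHA, AES256-SHA, 3DES-EDE-SHA
    body = (b"\x03\x01" + os.urandom(32) + b"\x00"            # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                                    # compression: null only
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type ClientHello, 3-byte length
    return bytes([TLS_HANDSHAKE, 3, 1]) + struct.pack("!H", len(handshake)) + handshake


def classify_server_reply(data):
    """Return (kind, detail) describing the first bytes the server sent back."""
    if not data:
        return ("closed", "server closed the connection without sending a TLS record")
    if data[0] == 0x30:   # BER SEQUENCE: an LDAPMessage, so this port speaks plain LDAP
        return ("ldap", "reply starts with a BER SEQUENCE: the port is speaking plain LDAP, not TLS")
    if len(data) < 5:
        return ("short", "only %d byte(s) received, less than a TLS record header" % len(data))
    ctype, vmaj, vmin, rlen = struct.unpack("!BBBH", data[:5])
    if vmaj != 3:
        return ("not_tls", "first byte 0x%02x, record version %d.%d" % (ctype, vmaj, vmin))
    payload = data[5:5 + rlen]
    if ctype == TLS_ALERT and len(payload) >= 2:
        level = "fatal" if payload[0] == 2 else "warning"
        name = ALERT_NAMES.get(payload[1], "alert_%d" % payload[1])
        return ("alert", "%s %s (%d)" % (level, name, payload[1]))
    if ctype == TLS_HANDSHAKE and payload[:1] == b"\x02" and len(payload) >= 6:
        ver = "%d.%d" % (payload[4], payload[5])
        detail = "ServerHello, " + VERSION_NAMES.get(ver, "version " + ver)
        if len(payload) >= 39:                      # session_id length sits after the 32-byte random
            sid_len = payload[38]
            if len(payload) >= 41 + sid_len:
                detail += ", cipher suite 0x%04x" % struct.unpack("!H", payload[39 + sid_len:41 + sid_len])
        return ("server_hello", detail)
    return ("unknown", "TLS record type 0x%02x with %d-byte payload" % (ctype, len(payload)))


def probe_ldaps(host, port=636, timeout=5.0):
    """Connect, send the ClientHello, read the first record (or EOF), classify it."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        data = b""
        try:
            while len(data) < 5 or len(data) < 5 + struct.unpack("!H", data[3:5])[0]:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            pass
    return classify_server_reply(data)


# Constructed sample replies for the offline self-check (not captured from a real server).
SAMPLE_SERVER_HELLO = bytes.fromhex("160301002a" "02000026" "0301" + "00" * 32 + "00" "002f" "00")
SAMPLE_ALERT = bytes.fromhex("1503010002" "0228")             # fatal handshake_failure
SAMPLE_LDAP = bytes.fromhex("300c020100" "7807" "0a0102" "0400" "0400")  # LDAP disconnect notice

if __name__ == "__main__":
    if len(sys.argv) > 1:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 636
        print(probe_ldaps(sys.argv[1], port))
    else:
        for name, sample in (("server_hello", SAMPLE_SERVER_HELLO), ("alert", SAMPLE_ALERT),
                             ("ldap", SAMPLE_LDAP), ("closed", b"")):
            print(name, "->", classify_server_reply(sample))
```

Run it from both machines against the same server: if the RHEL box gets a ServerHello and the Ubuntu box gets the same, the difference lies in what the two libldap builds do after the hello (certificate handling, TLS_CACERT format); if the server answers with an alert or just closes the connection, compare the hello the two clients send (`ldapsearch -d-1` shows the TLS layer on each side).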