Re: Problem with ldaps:// when switching from 2.3 to 2.4
On Thu, Nov 12, 2009 at 09:17:12AM +0100, Tomasz Welman wrote:
[...]
> TLS: can't connect: Decryption has failed..
> ldap_err2string
> ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
>
>
> The gnutls-cli I've launched 3 times and the error messages differ, look:
>
> [root@darthvader ~]# gnutls-cli --x509cafile /etc/ldap/cacerts/bp.cert -p
> 636 bluepages.ibm.com
> Processed 1 CA certificate(s).
> Resolving 'bluepages.ibm.com'...
> Connecting to '9.17.186.253:636'...
> *** Fatal error: A TLS packet with unexpected length was received.
> *** Handshake has failed
> GNUTLS ERROR: A TLS packet with unexpected length was received.
> [root@darthvader ~]# gnutls-cli --x509cafile /etc/ldap/cacerts/bp.cert -p
> 636 bluepages.ibm.com
> Processed 1 CA certificate(s).
> Resolving 'bluepages.ibm.com'...
> Connecting to '9.17.186.253:636'...
> *** Fatal error: A TLS packet with unexpected length was received.
> *** Handshake has failed
> GNUTLS ERROR: A TLS packet with unexpected length was received.
> [root@darthvader ~]# gnutls-cli --x509cafile /etc/ldap/cacerts/bp.cert -p
> 636 bluepages.ibm.com
> Processed 1 CA certificate(s).
> Resolving 'bluepages.ibm.com'...
> Connecting to '9.17.186.253:636'...
> *** Fatal error: Decryption has failed.
> *** Handshake has failed
> GNUTLS ERROR: Decryption has failed.
>
Seems like there is an error with the gnutls library rather than openldap.
Could you try to connect to the server with openssl s_client instead of
gnutls-cli?
--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com