
Re: fedora and openldap



Hello Quanah,


On 4/12/11 7:28 PM, Quanah Gibson-Mount wrote:
> --On Tuesday, April 12, 2011 7:10 PM +0200 Judith Flo Gaya <jflo@imppc.org>
> wrote:
>
>> (I installed a newer version of openldap in my server as the RH6 uses an
>> old one, I compiled it with tls and openssl)
>>
>> From the client I do:
>>   ldapsearch -x -ZZ -d1 -h curri0.imppc.local:636
>
> This is a startTLS request.  You are using LDAPS.  This will never work.
>
> Try
>
> ldapsearch -x -H ldaps://curri0.imppc.local:636/
>
> instead.

It doesn't work either; it still complains about not being able to contact the server.
But now I see a different error:

ldapsearch -x -H ldaps://curri0.imppc.local:636 -d1
ldap_url_parse_ext(ldaps://curri0.imppc.local:636)
ldap_create
ldap_url_parse_ext(ldaps://curri0.imppc.local:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP curri0.imppc.local:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 172.19.5.13:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: could not initialize moznss using security dir /etc/openldap/cacerts - error -8174:Unknown code ___f 18.
TLS: could not add the certificate (null) - error -8192:Unknown code ___f 0.
TLS: error: connect - force handshake failure -1 - error -8054:Unknown code ___f 138
TLS: can't connect: .
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

and this is what the server says:

slap_listener_activate(8):
>>> slap_listener(ldaps://curri0.imppc.local:636)
connection_get(12): got connid=1008
connection_read(12): checking for input on id=1008
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(12): got connid=1008
connection_read(12): checking for input on id=1008
TLS trace: SSL3 alert read:fatal:bad certificate
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate.
connection_read(12): TLS accept failure error=-1 id=1008, closing
connection_close: conn=1008 sd=12

Any clue? The error on the client side seems to indicate that the client is trying to use the NSS from Mozilla, but I never meant to do this; OpenSSL is installed.
Thanks a lot for your help.
j

> --Quanah
>
> --
> Quanah Gibson-Mount
> Sr. Member of Technical Staff
> Zimbra, Inc
> A Division of VMware, Inc.
> --------------------
> Zimbra ::  the leader in open source messaging and collaboration
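The two debug logs in this message carry enough information to separate the three things that went wrong: the original command line asked for StartTLS on the LDAPS port, the client's libldap is linked against Mozilla NSS and could not open a certificate store in /etc/openldap/cacerts, and the server saw the client abort the handshake with a bad_certificate alert (so the client did not trust the server's certificate). The triage script below is an added example, not code from the thread, from OpenLDAP or from its author; it runs over sample lines constructed from the output quoted above. The NSS numbering (SEC_ERROR_BASE = -8192, offset 0 = SEC_ERROR_IO, offset 18 = SEC_ERROR_BAD_DATABASE) comes from the NSS headers; the offset 138 code is deliberately left unmapped, and the regular expressions assume the message text exactly as libldap prints it here.

```python
"""Triage OpenLDAP client/server TLS failures from -d1 debug output.

Added example: parses ldapsearch -d1 client output and slapd TLS trace
lines and explains each failure in plain terms. The sample text below is
constructed from the logs quoted in the mailing-list message.
"""
import re
import shlex

# libldap prints raw NSS error numbers; NSS defines them as offsets from
# SEC_ERROR_BASE. Only the two codes known with certainty are named here.
SEC_ERROR_BASE = -0x2000  # -8192
NSS_ERROR_NAMES = {
    0: "SEC_ERROR_IO",
    18: "SEC_ERROR_BAD_DATABASE",
}

# Constructed samples (taken from the output quoted in the thread).
CLIENT_CMDLINE = "ldapsearch -x -ZZ -d1 -h curri0.imppc.local:636"
CLIENT_LOG = """\
ldap_connect_to_host: Trying 172.19.5.13:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: could not initialize moznss using security dir /etc/openldap/cacerts - error -8174:Unknown code ___f 18.
TLS: could not add the certificate (null) - error -8192:Unknown code ___f 0.
TLS: error: connect - force handshake failure -1 - error -8054:Unknown code ___f 138
TLS: can't connect: .
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
"""
SERVER_LOG = """\
>>> slap_listener(ldaps://curri0.imppc.local:636)
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL3 alert read:fatal:bad certificate
TLS: can't accept: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate.
connection_read(12): TLS accept failure error=-1 id=1008, closing
"""


def nss_error_name(code):
    """Translate a raw NSS error number (e.g. -8174) into its symbolic name."""
    offset = code - SEC_ERROR_BASE
    return NSS_ERROR_NAMES.get(offset, f"NSS error offset {offset} (unmapped here)")


def check_cmdline(cmdline):
    """Flag StartTLS (-Z/-ZZ) combined with the LDAPS port or scheme.

    StartTLS upgrades a plain LDAP connection; an ldaps:// listener expects
    a TLS handshake first, so the two can never be combined successfully.
    """
    argv = shlex.split(cmdline)
    starttls = any(a in ("-Z", "-ZZ") for a in argv)
    ldaps_scheme = any(a.startswith("ldaps://") for a in argv)
    port_636 = False
    for flag, value in zip(argv, argv[1:]):
        if flag == "-h" and value.rsplit(":", 1)[-1] == "636":
            port_636 = True
        if flag == "-p" and value == "636":
            port_636 = True
    if starttls and (ldaps_scheme or port_636):
        return ("StartTLS (-Z/-ZZ) requested against an LDAPS endpoint; "
                "use -H ldaps://host:636/ without -Z")
    return None


CLIENT_PATTERNS = [
    (re.compile(r"could not initialize moznss using security dir (\S+) - error (-\d+)"),
     lambda m: (f"libldap is built against Mozilla NSS and could not open a cert store "
                f"in {m.group(1)}: {nss_error_name(int(m.group(2)))}")),
    (re.compile(r"could not add the certificate \((\S*)\) - error (-\d+)"),
     lambda m: (f"no CA certificate could be loaded (path reported as '{m.group(1)}'): "
                f"{nss_error_name(int(m.group(2)))}")),
    (re.compile(r"force handshake failure -1 - error (-\d+)"),
     lambda m: f"client aborted the TLS handshake: {nss_error_name(int(m.group(1)))}"),
]


def triage_client(log):
    """Return one explanation per recognised TLS failure line in client output."""
    findings = []
    for line in log.splitlines():
        for pattern, explain in CLIENT_PATTERNS:
            m = pattern.search(line)
            if m:
                findings.append(explain(m))
    return findings


def triage_server(log):
    """Explain what the slapd TLS trace says about who rejected whom."""
    findings = []
    if "SSL_accept:before/accept initialization" in log:
        findings.append("server began TLS immediately on accept: the listener is LDAPS, not StartTLS")
    if "SSL3 alert read:fatal:bad certificate" in log:
        findings.append("client sent a fatal bad_certificate alert after the server certificate: "
                        "the client does not trust the server's certificate chain")
    return findings


if __name__ == "__main__":
    for finding in [check_cmdline(CLIENT_CMDLINE)] + triage_client(CLIENT_LOG) + triage_server(SERVER_LOG):
        if finding:
            print("-", finding)
```

Read together, the findings point at the client side: a client whose NSS-backed libldap cannot load any CA certificate will reject every server certificate, which is exactly the bad_certificate alert the server logs. The server-side trace shows its own certificate was sent successfully, so the certificate trust configuration on the client (the TLS_CACERT / TLS_CACERTDIR settings libldap reads) is where to look next.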