[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: unsupported extended operation

To: "Howard Chu" <hyc@symas.com>, <openldap-technical@openldap.org>
Subject: RE: unsupported extended operation
From: "Rodney Simioni" <rodney.simioni@verio.net>
Date: Tue, 25 Jun 2013 20:34:04 -0400
Content-class: urn:content-classes:message
Importance: normal
In-reply-to: <51CA1B51.9060000@symas.com>
References: <0971982CF6B9AB418FFD5FEF7F50CB9F0603E03B@IAD-WPRD-XCHB03.corp.verio.net> <51CA1B51.9060000@symas.com>
Thread-index: Ac5x9GSEWiHRtaXNRt65Ca/d0HzcqwADygPA
Thread-topic: unsupported extended operation


-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com] 
Sent: Tuesday, June 25, 2013 6:36 PM
To: Rodney Simioni; openldap-technical@openldap.org
Subject: Re: unsupported extended operation

Rodney Simioni wrote:
> Hi,
>
> I just compiled openldap with: ./configure 
> --prefix=/usr/local/openldap --enable-ldap --with-tls=openssl 
> --with-cyrus-sasl --enable-crypt
>
> I did a 'make depend', 'make', and a 'make install'; I didn't see any
errors.
>
> I fired up ldap with: './slapd -d127 -h "ldap:///";'
>
> Then I went to test my install with:' ldapsearch -x -ZZ -d1 -H
ldap://blah.com/'
>
> And I'm still getting:
>
> ldap_msgfree
>
> ldap_err2string
>
> ldap_start_tls: Protocol error (2)
>
>          additional info: unsupported extended operation
>
> ldap_free_connection 1 1
>
> ldap_send_unbind
>
> ber_flush2: 7 bytes to sd 3
>
> ldap_free_connection: actually freed
>
> Does anybody have a clue?

You haven't configured any of the TLS settings in the server yet.
[[Rod's comment]] 

This is my /usr/local/openldap/etc/openldap/ldap.conf

TLS_CACERTDIR /root # in root dir testing only, cert owned by ldap user
URI ldap://blah.securesites.com/
BASE dc=wh,dc=local

This is my slapd.ldif

olcTLSCACertificatePath: /root
olcTLSCertificateFile: /root/wildcard.securesites.com.cert
olcTLSCertificateKeyFile: /root/wildcard.securesites.com.key

This is my /usr/local/openldap/etc/openldap/slapd.conf

TLSCipherSuite HIGH:MEDIUM:-SSLv2
TLSCACertificateFile /root/wildcard.securesites.com.cert
TLSCertificateFile /root/wildcard.securesites.com.cert
TLSCertificateKeyFile /root/wildcard.securesites.com.key
~

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/


This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio Inc. makes no warranty that this email is error or virus free.  Thank you.

Follow-Ups:
- RE: unsupported extended operation
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

References:
- unsupported extended operation
  - From: "Rodney Simioni" <rodney.simioni@verio.net>
- Re: unsupported extended operation
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: unsupported extended operation
Next by Date: RE: unsupported extended operation
Index(es):
- Chronological
- Thread