[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#5997) slapo-chain TLS issues
--0016364270d292f5780464b1d5a8
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
overlay chain
chain-rebind-as-user FALSE
chain-uri ldap://XXXXXX
chain-rebind-as-user TRUE
chain-idassert-bind
bindmethod=simple
binddn="cn=Manager,dc=XXXX,dc=com"
credentials=secret
mode=self
starttls=yes
tls_reqcert=never
chain-tls start
chain-return-error TRUE
----------- bind as rootdn ----------------------
conn=7 fd=14 ACCEPT from IP=10.1.1.10:42992 (IP=0.0.0.0:389)
conn=7 op=0 EXT oid=1.3.6.1.4.1.1466.20037
conn=7 op=0 STARTTLS
conn=7 op=0 RESULT oid= err=0 text=
conn=7 fd=14 TLS established tls_ssf=256 ssf=256
conn=7 op=1 BIND dn="cn=Manager,dc=XXXX,dc=com" method=128
conn=7 op=1 BIND dn="cn=Manager,dc=XXXX,dc=com" mech=SIMPLE ssf=0
conn=7 op=1 RESULT tag=97 err=0 text=
conn=7 op=2 SRCH base="uid=USERNAME,ou=People,dc=XXXX,dc=com" scope=0
deref=0 filter="(objectClass=*)"
conn=7 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=7 op=3 MOD dn="uid=USERNAME,ou=People,dc=XXXX,dc=com"
conn=7 op=3 MOD attr=userPassword userPassword
TLS certificate verification: Error, self signed certificate in certificate
chain
TLS: can't connect: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.
conn=7 op=3 RESULT tag=103 err=52 text=
conn=7 op=4 UNBIND
conn=7 fd=14 closed
----------- bind as normal user ----------------------
conn=11 fd=14 ACCEPT from IP=10.1.1.10:36765 (IP=0.0.0.0:389)
conn=11 op=0 EXT oid=1.3.6.1.4.1.1466.20037
conn=11 op=0 STARTTLS
conn=11 op=0 RESULT oid= err=0 text=
conn=11 fd=14 TLS established tls_ssf=256 ssf=256
conn=11 op=1 BIND dn="uid=USERNAME,ou=People,dc=XXXX,dc=com" method=128
conn=11 op=1 BIND dn="uid=USERNAME,ou=People,dc=XXXX,dc=com" mech=SIMPLE
ssf=0
conn=11 op=1 RESULT tag=97 err=0 text=
conn=11 op=2 SRCH base="uid=USERNAME,ou=People,dc=XXXX,dc=com" scope=0
deref=0 filter="(objectClass=*)"
conn=11 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=11 op=3 MOD dn="uid=USERNAME,ou=People,dc=XXXX,dc=com"
conn=11 op=3 MOD attr=userPassword userPassword
conn=11 op=3 RESULT tag=103 err=0 text=
conn=11 op=4 UNBIND
conn=11 fd=14 closed
conn=12 fd=14 ACCEPT from IP=10.1.1.10:36766 (IP=0.0.0.0:389)
conn=12 op=0 EXT oid=1.3.6.1.4.1.1466.20037
conn=12 op=0 STARTTLS
conn=12 op=0 RESULT oid= err=0 text=
conn=12 fd=14 TLS established tls_ssf=256 ssf=256
conn=12 op=1 BIND dn="uid=USERNAME,ou=People,dc=XXXX,dc=com" method=128
conn=12 op=1 RESULT tag=97 err=49 text=
conn=13 fd=24 ACCEPT from IP=10.1.1.10:36767 (IP=0.0.0.0:389)
conn=13 op=0 EXT oid=1.3.6.1.4.1.1466.20037
conn=13 op=0 STARTTLS
conn=13 op=0 RESULT oid= err=0 text=
conn=13 fd=24 TLS established tls_ssf=256 ssf=256
conn=13 op=1 BIND dn="uid=USERNAME,ou=People,dc=XXXX,dc=com" method=128
conn=13 op=1 RESULT tag=97 err=49 text=
conn=12 op=2 UNBIND
conn=12 fd=14 closed
conn=13 op=2 UNBIND
conn=13 fd=24 closed
--0016364270d292f5780464b1d5a8
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
overlay chain<br>chain-rebind-as-user FALSE<br>chain-uri ldap://XXXXXX<br>c=
hain-rebind-as-user TRUE<br>chain-idassert-bind<br>=A0=A0=A0 bindmethod=3Ds=
imple<br>=A0=A0=A0 binddn=3D"cn=3DManager,dc=3DXXXX,dc=3Dcom"<br>=
=A0=A0=A0 credentials=3Dsecret<br>
=A0=A0=A0 mode=3Dself<br>=A0=A0=A0 starttls=3Dyes<br>=A0=A0=A0 tls_reqcert=
=3Dnever<br>chain-tls start<br>chain-return-error TRUE<br><br><br><br>-----=
------ bind as rootdn ----------------------<br><br>conn=3D7 fd=3D14 ACCEPT=
from IP=3D<a href=3D"http://10.1.1.10:42992">10.1.1.10:42992</a> (IP=3D<a =
href=3D"http://0.0.0.0:389">0.0.0.0:389</a>)<br>
conn=3D7 op=3D0 EXT oid=3D1.3.6.1.4.1.1466.20037<br>conn=3D7 op=3D0 STARTTL=
S<br>conn=3D7 op=3D0 RESULT oid=3D err=3D0 text=3D<br>conn=3D7 fd=3D14 TLS =
established tls_ssf=3D256 ssf=3D256<br>conn=3D7 op=3D1 BIND dn=3D"cn=
=3DManager,dc=3DXXXX,dc=3Dcom" method=3D128<br>
conn=3D7 op=3D1 BIND dn=3D"cn=3DManager,dc=3DXXXX,dc=3Dcom" mech=
=3DSIMPLE ssf=3D0<br>conn=3D7 op=3D1 RESULT tag=3D97 err=3D0 text=3D<br>con=
n=3D7 op=3D2 SRCH base=3D"uid=3DUSERNAME,ou=3DPeople,dc=3DXXXX,dc=3Dco=
m" scope=3D0 deref=3D0 filter=3D"(objectClass=3D*)"<br>
conn=3D7 op=3D2 SEARCH RESULT tag=3D101 err=3D0 nentries=3D1 text=3D<br>con=
n=3D7 op=3D3 MOD dn=3D"uid=3DUSERNAME,ou=3DPeople,dc=3DXXXX,dc=3Dcom&q=
uot;<br>conn=3D7 op=3D3 MOD attr=3DuserPassword userPassword<br>TLS certifi=
cate verification: Error, self signed certificate in certificate chain<br>
TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFI=
CATE:certificate verify failed.<br>conn=3D7 op=3D3 RESULT tag=3D103 err=3D5=
2 text=3D<br>conn=3D7 op=3D4 UNBIND<br>conn=3D7 fd=3D14 closed<br><br><br>-=
---------- bind as normal user ----------------------<br>
<br>conn=3D11 fd=3D14 ACCEPT from IP=3D<a href=3D"http://10.1.1.10:36765">1=
0.1.1.10:36765</a> (IP=3D<a href=3D"http://0.0.0.0:389">0.0.0.0:389</a>)<br=
>conn=3D11 op=3D0 EXT oid=3D1.3.6.1.4.1.1466.20037<br>conn=3D11 op=3D0 STAR=
TTLS<br>conn=3D11 op=3D0 RESULT oid=3D err=3D0 text=3D<br>
conn=3D11 fd=3D14 TLS established tls_ssf=3D256 ssf=3D256<br>conn=3D11 op=
=3D1 BIND dn=3D"uid=3DUSERNAME,ou=3DPeople,dc=3DXXXX,dc=3Dcom" me=
thod=3D128<br>conn=3D11 op=3D1 BIND dn=3D"uid=3DUSERNAME,ou=3DPeople,d=
c=3DXXXX,dc=3Dcom" mech=3DSIMPLE ssf=3D0<br>
conn=3D11 op=3D1 RESULT tag=3D97 err=3D0 text=3D<br>conn=3D11 op=3D2 SRCH b=
ase=3D"uid=3DUSERNAME,ou=3DPeople,dc=3DXXXX,dc=3Dcom" scope=3D0 d=
eref=3D0 filter=3D"(objectClass=3D*)"<br>conn=3D11 op=3D2 SEARCH =
RESULT tag=3D101 err=3D0 nentries=3D1 text=3D<br>
conn=3D11 op=3D3 MOD dn=3D"uid=3DUSERNAME,ou=3DPeople,dc=3DXXXX,dc=3Dc=
om"<br>conn=3D11 op=3D3 MOD attr=3DuserPassword userPassword<br>conn=
=3D11 op=3D3 RESULT tag=3D103 err=3D0 text=3D<br>conn=3D11 op=3D4 UNBIND<br=
>conn=3D11 fd=3D14 closed<br>conn=3D12 fd=3D14 ACCEPT from IP=3D<a href=3D"=
http://10.1.1.10:36766">10.1.1.10:36766</a> (IP=3D<a href=3D"http://0.0.0.0=
:389">0.0.0.0:389</a>)<br>
conn=3D12 op=3D0 EXT oid=3D1.3.6.1.4.1.1466.20037<br>conn=3D12 op=3D0 START=
TLS<br>conn=3D12 op=3D0 RESULT oid=3D err=3D0 text=3D<br>conn=3D12 fd=3D14 =
TLS established tls_ssf=3D256 ssf=3D256<br>conn=3D12 op=3D1 BIND dn=3D"=
;uid=3DUSERNAME,ou=3DPeople,dc=3DXXXX,dc=3Dcom" method=3D128<br>
conn=3D12 op=3D1 RESULT tag=3D97 err=3D49 text=3D<br>conn=3D13 fd=3D24 ACCE=
PT from IP=3D<a href=3D"http://10.1.1.10:36767">10.1.1.10:36767</a> (IP=3D<=
a href=3D"http://0.0.0.0:389">0.0.0.0:389</a>)<br>conn=3D13 op=3D0 EXT oid=
=3D1.3.6.1.4.1.1466.20037<br>
conn=3D13 op=3D0 STARTTLS<br>conn=3D13 op=3D0 RESULT oid=3D err=3D0 text=3D=
<br>conn=3D13 fd=3D24 TLS established tls_ssf=3D256 ssf=3D256<br>conn=3D13 =
op=3D1 BIND dn=3D"uid=3DUSERNAME,ou=3DPeople,dc=3DXXXX,dc=3Dcom" =
method=3D128<br>conn=3D13 op=3D1 RESULT tag=3D97 err=3D49 text=3D<br>
conn=3D12 op=3D2 UNBIND<br>conn=3D12 fd=3D14 closed<br>conn=3D13 op=3D2 UNB=
IND<br>conn=3D13 fd=3D24 closed<br><br>
--0016364270d292f5780464b1d5a8--