
Re: (ITS#5993) slapo-chain TLS issues




# slapo-chain configuration as posted with the report; the URI host and the
# suffix are redacted (XXXXXX / XXXX), and "secret" is presumably a placeholder.
overlay chain
# NOTE(review): chain-rebind-as-user appears twice (FALSE here, TRUE two lines
# below). Presumably only one value is intended -- confirm which one slapd
# actually applies before reasoning about whose identity is used upstream.
chain-rebind-as-user FALSE
chain-uri ldap://XXXXXX
chain-rebind-as-user TRUE
# Identity-assertion bind used when chaining. Points to check in review:
#  - binddn is the Manager DN and its simple-bind password sits in clear text
#    in this file, so the file needs restrictive permissions and a dedicated,
#    least-privileged proxy identity would be preferable to the rootdn.
#  - tls_reqcert=never disables verification of the remote server certificate
#    for this bind: the session is encrypted but the peer is not authenticated,
#    so an on-path host could receive the Manager credentials. Prefer trusting
#    the remote CA and using tls_reqcert=demand.
#  - starttls=yes (as opposed to critical) is documented for slapd bind options
#    as continuing without TLS when StartTLS fails -- TODO confirm for this
#    version; with bindmethod=simple that would expose the password.
# (Comments are kept above the directive because the indented lines below are
# continuation lines of chain-idassert-bind.)
chain-idassert-bind
    bindmethod=simple
    binddn="cn=Manager,dc=XXXX,dc=com"
    credentials=secret
    mode=self
    starttls=yes
    tls_reqcert=never
# chain-tls carries no tls_reqcert of its own here. In the rootdn trace of this
# report the chained MOD fails with "certificate verify failed" (err=52), which
# would be consistent with the tls_reqcert=never above not covering this
# connection -- NOTE(review): inferred from the log, confirm against the ITS.
chain-tls start
# Return the error from the failed chaining attempt to the client.
chain-return-error TRUE

----------- bind as rootdn ----------------------

conn=7 fd=14 ACCEPT from IP=10.1.1.10:42992 (IP=0.0.0.0:389)
conn=7 op=0 EXT oid=1.3.6.1.4.1.1466.20037
conn=7 op=0 STARTTLS
conn=7 op=0 RESULT oid= err=0 text=
conn=7 fd=14 TLS established tls_ssf=256 ssf=256
conn=7 op=1 BIND dn="cn=Manager,dc=XXXX,dc=com" method=128
conn=7 op=1 BIND dn="cn=Manager,dc=XXXX,dc=com" mech=SIMPLE ssf=0
conn=7 op=1 RESULT tag=97 err=0 text=
conn=7 op=2 SRCH base="uid=USERNAME,ou=People,dc=XXXX,dc=com" scope=0 deref=0 filter="(objectClass=*)"
conn=7 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=7 op=3 MOD dn="uid=USERNAME,ou=People,dc=XXXX,dc=com"
conn=7 op=3 MOD attr=userPassword userPassword
TLS certificate verification: Error, self signed certificate in certificate chain

TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed.
conn=7 op=3 RESULT tag=103 err=52 text=
conn=7 op=4 UNBIND
conn=7 fd=14 closed


----------- bind as normal user ----------------------

conn=11 fd=14 ACCEPT from IP=10.1.1.10:36765 (IP=0.0.0.0:389)
conn=11 op=0 EXT oid=1.3.6.1.4.1.1466.20037
conn=11 op=0 STARTTLS
conn=11 op=0 RESULT oid= err=0 text=
conn=11 fd=14 TLS established tls_ssf=256 ssf=256
conn=11 op=1 BIND dn="uid=USERNAME,ou=People,dc=XXXX,dc=com" method=128
conn=11 op=1 BIND dn="uid=USERNAME,ou=People,dc=XXXX,dc=com" mech=SIMPLE ssf=0
conn=11 op=1 RESULT tag=97 err=0 text=
conn=11 op=2 SRCH base="uid=USERNAME,ou=People,dc=XXXX,dc=com" scope=0 deref=0 filter="(objectClass=*)"
conn=11 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=11 op=3 MOD dn="uid=USERNAME,ou=People,dc=XXXX,dc=com"
conn=11 op=3 MOD attr=userPassword userPassword
conn=11 op=3 RESULT tag=103 err=0 text=
conn=11 op=4 UNBIND
conn=11 fd=14 closed
conn=12 fd=14 ACCEPT from IP=10.1.1.10:36766 (IP=0.0.0.0:389)
conn=12 op=0 EXT oid=1.3.6.1.4.1.1466.20037
conn=12 op=0 STARTTLS
conn=12 op=0 RESULT oid= err=0 text=
conn=12 fd=14 TLS established tls_ssf=256 ssf=256
conn=12 op=1 BIND dn="uid=USERNAME,ou=People,dc=XXXX,dc=com" method=128
conn=12 op=1 RESULT tag=97 err=49 text=
conn=13 fd=24 ACCEPT from IP=10.1.1.10:36767 (IP=0.0.0.0:389)
conn=13 op=0 EXT oid=1.3.6.1.4.1.1466.20037
conn=13 op=0 STARTTLS
conn=13 op=0 RESULT oid= err=0 text=
conn=13 fd=24 TLS established tls_ssf=256 ssf=256
conn=13 op=1 BIND dn="uid=USERNAME,ou=People,dc=XXXX,dc=com" method=128
conn=13 op=1 RESULT tag=97 err=49 text=
conn=12 op=2 UNBIND
conn=12 fd=14 closed
conn=13 op=2 UNBIND
conn=13 fd=24 closed
