Netscape to slapd with SSL anonymous OK, login fails
Can someone help me understand the problem here, please? It looks like a bug
in Netscape or slapd (but I have been wrong before).
Environment: OpenLDAP 2.0.6 NT4 compiled with HAVE_CYRUS_SSL undefined,
configured for TLS/SSL using OpenSSL 0.9.6. Own demo CA and certificate in
use. Certificate installed in client using Netscape browser
(https://myserver:636) as per Julio, openldap-devel/199908/msg00039.html
ldapsearch -Z appears to work OK in all four modes (Anon/Login SSL/No SSL).

Netscape 4.75 on NT works as follows:

Anonymous  No SSL  OK
Anonymous  SSL     OK
Login      No SSL  OK
Login      SSL     Netscape reports "Failed to search error Referral Hop Limit (0x61)"

slapd -d2037 log follows:

OpenLDAP -devel Standalone LDAP Server (slapd)
daemon_init: ldap:/// ldaps:///
daemon_init: listen on ldap:///
daemon_init: listen on ldaps:///
daemon_init: 2 listeners to open...
ldap_url_parse(ldap:///)
daemon: initialized ldap:///
ldap_url_parse(ldaps:///)
daemon: initialized ldaps:///
daemon_init: 2 listeners opened
slapd init: initiated server.
reading config file c:\openldap\slapd0.conf
line 6 (include c:\\openldap\\openldap-2.0.6\\servers\\slapd\\schema\\core.schema)
reading config file c:\openldap\openldap-2.0.6\servers\slapd\schema\core.schema
schema log detail removed
line 16 (pidfile c:\\openldap\\slapd.pid)
line 17 (argsfile c:\\openldap\\slapd.args)
line 26 (defaultsearchbase dc=hudson,dc=com)
line 28 (defaultaccess none)
line 31 (TLSCipherSuite DES-CBC3-SHA)
line 33 (TLSCertificateFile c:\\openldap\\newcert.pem)
line 34 (TLSCertificateKeyFile c:\\openldap\\privkey.pem)
line 35 (TLSCACertificateFile c:\\openldap\\cacert.pem)
line 42 (database ldbm)
line 43 (suffix "dc=HUDSON,dc=COM")
line 44 (rootdn "cn=Hudson-A,dc=HUDSON,dc=COM")
line 48 (rootpw secret)
line 51 (directory c:\\openldap\\openldap-ldbm)
line 58 (access to attr=userPassword by self write by anonymous auth by * none)
line 61 (access to * by self write by * read)
line 64 (index cn,sn pres,eq,sub)
index cn 0x0716
index sn 0x0716
line 65 (index objectClass eq)
index objectClass 0x0004
line 67 (lastmod on)
slapd startup: initiated.
slapd starting
daemon: added 92r
daemon: added 52r
daemon: select: listen=92 active_threads=0 tvp=NULL
daemon: select: listen=52 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: new connection on 468
daemon: added 468r
daemon: activity on: 52r
daemon: select: listen=92 active_threads=0 tvp=NULL
daemon: select: listen=52 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 468r
daemon: read activity on 468
connection_get(468)
connection_get(468): got connid=0
connection_read(468): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
0000: 80 46 01 03 00 00 2d 00 00 00 10 .F....-....
tls_read: want=61, got=61
0000: 01 00 80 02 00 80 03 00 80 04 00 80 06 00 40 07 ..............@.
0010: 00 c0 00 00 04 00 fe ff 00 00 0a 00 fe fe 00 00 ......þ.....þþ..
0020: 09 00 00 64 00 00 62 00 00 03 00 00 06 5f 4b 32 ...d..b......_K2
0030: 31 89 41 d9 9a cc e2 6d 08 a6 b5 be 70 1.A....m....p
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
tls_write: want=1024, written=1024
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
tls_write: want=517, written=517
TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=unknown error
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=92 active_threads=0 tvp=NULL
daemon: select: listen=52 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 468r
daemon: read activity on 468
connection_get(468)
connection_get(468): got connid=0
connection_read(468): checking for input on id=0
tls_read: want=5, got=5
0000: 16 03 00 00 84 .....
tls_read: want=132, got=132
TLS trace: SSL_accept:SSLv3 read client key exchange A
tls_read: want=5 error=unknown error
TLS trace: SSL_accept:error in SSLv3 read certificate verify A
daemon: select: listen=92 active_threads=0 tvp=NULL
daemon: select: listen=52 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 468r
daemon: read activity on 468
connection_get(468)
connection_get(468): got connid=0
connection_read(468): checking for input on id=0
tls_read: want=5, got=5
0000: 14 03 00 00 01 .....
tls_read: want=1, got=1
0000: 01 .
tls_read: want=5, got=5
0000: 16 03 00 00 40 ....@
tls_read: want=64, got=64
0000: dc 6c a0 82 c2 bd a9 d8 47 51 33 f1 30 6c 84 6f .l......GQ3.0l.o
0010: 9b 9e 6f 08 3f f0 ec da be 2d 5c 12 60 76 51 c7 ..o.?....-\.`vQ.
0020: 3b 5c 4a 00 87 73 48 dd 0d 76 7e d5 67 f4 6f 0c ;\J..sH..v~.g.o.
0030: 98 30 07 9c c0 15 db f7 37 60 94 68 10 bc eb 2e .0......7`.h....
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
tls_write: want=75, written=75
0000: 14 03 00 00 01 01 16 03 00 00 40 18 c9 5e af 28 ..........@..^.(
0010: a4 09 0d 53 3f e0 4e cd c6 c4 61 83 42 8c 2a 1b ...S?.N...a.B.*.
0020: 43 a3 7e 9b 23 d0 8b 8c 19 3a df 2a 92 92 16 03 C.~.#....:.*....
0030: 23 e1 d6 08 9e 16 16 a6 49 0a 69 f6 e5 35 c5 b1 #.......I.i..5..
0040: 4e 1d a6 9b 74 91 4d 1d d4 ec 7a N...t.M...z
TLS trace: SSL_accept:SSLv3 flush data
daemon: select: listen=92 active_threads=0 tvp=NULL
daemon: select: listen=52 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 468r
daemon: read activity on 468
connection_get(468)
connection_get(468): got connid=0
connection_read(468): checking for input on id=0
ber_get_next
tls_read: want=5, got=5
0000: 17 03 00 00 28 ....(
tls_read: want=40, got=40
0000: a8 a6 6b 58 34 a3 f5 f3 6d d4 9b ad 2f 2c 47 9d ..kX4...m.../,G.
0010: 75 93 2d 86 76 44 1e 9e df 63 34 37 69 0f 02 32 u.-.vD...c47i..2
0020: af 5e 46 c4 31 70 8c 46 .^F.1p.F
sockbuf_read: want=1, got=1
0000: 30 0
sockbuf_read: want=1, got=1
0000: 0c .
sockbuf_read: want=12, got=12
0000: 02 01 01 60 07 02 01 02 04 00 80 00 ...`........
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x00db6b50 ptr=0x00db6b50 end=0x00db6b5c len=12
0000: 02 01 01 60 07 02 01 02 04 00 80 00 ...`........
ber_get_next
tls_read: want=5 error=unknown error
sockbuf_read: want=1 error=unknown error
ber_get_next on fd 468 failed errno=10035 (WSAEWOULDBLOCK)
do_bind
ber_scanf fmt ({iat) ber:
ber_dump: buf=0x00db6b50 ptr=0x00db6b53 end=0x00db6b5c len=9
0000: 60 07 02 01 02 04 00 80 00 `........
ber_scanf fmt (o}) ber:
ber_dump: buf=0x00db6b50 ptr=0x00db6b5a end=0x00db6b5c len=2
0000: 80 00 ..
do_bind: version=2 dn="" method=128
bind OK
do_bind: v2 anonymous bind
send_ldap_result err:0
send_ldap_result: conn=0 op=0 p=2
send_ldap_result: 0::
send_ldap_response: msgid=1 tag=97 err=0
ber_flush: 14 bytes to sd 468
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
tls_write: want=45, written=45
0000: 17 03 00 00 28 92 fc 81 ee 22 dc 1a 88 13 49 9c ....(.ü.."....I.
0010: 9a 96 75 73 61 11 63 de 8a dd c1 4e 3e b2 92 16 ..usa.c....N>...
0020: 5c 48 98 e7 1e 19 07 8b ce 10 e2 7f dd \H...........
sockbuf_write: want=14, written=14
0000: 30 0c 02 01 01 61 07 0a 01 00 04 00 04 00 0....a........
daemon: select: listen=92 active_threads=1 tvp=NULL
daemon: select: listen=52 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=92 active_threads=1 tvp=NULL
daemon: select: listen=52 active_threads=1 tvp=NULL
slap_sig_shutdown: signal 2
daemon: shutdown requested and initiated.
daemon: closing 92
slapd shutdown: waiting for 0 threads to terminate
slapd shutdown: initiated
ldbm backend syncing
ldbm backend done syncing
====> cache_release_all
slapd shutdown: freeing system resources.
slapd stopped.
tls_write: want=29, written=29
0000: 15 03 00 00 18 ea c9 ee 58 48 a9 d5 4a c4 09 b4 ........XH..J...
0010: 30 86 0e 7b 17 5e 87 3b 5a 66 14 b0 6f 0..{.^.;Zf..o
TLS trace: SSL3 alert write:warning:close notify