
OpenLDAP 2.0 Clients and Active Directory with SSL



Hi,
I've been trying to query an AD on W2k SP1 with the tools from OpenLDAP 2.0
(OPENLDAP_REL_ENG_2) using SSL. However, ldapsearch will not return to
the shell after printing the results.
See attachment for a trace of:
ldapsearch -x -l 1 -LLL -d 1 -H ldaps://dino -s base supportedldapversion

Using ldapsearch without SSL works fine, just like ldapsearch from the
Netscape SDK with SSL enabled.

-- 
Norbert Klasen
DFN Directory Services                           tel: +49 7071 29 70335
ZDV, Universität Tübingen                        fax: +49 7071 29 5912
D-72074 Tübingen                    norbert.klasen@zdv.uni-tuebingen.de
Germany                                     http://www.directory.dfn.de

ldap_create
ldap_url_parse(ldaps://dino)
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 134.2.217.40:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_int_sasl_open: dino.directory.dfn.de
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, subject: /C=DE/ST=BW/L=Tuebingen/O=DFN/OU=Directory Services/CN=dino.directory.dfn.de, issuer: /Email=norbert.klasen@directory.dfn.de/C=DE/ST=Baden-Wuerttemberg/L=Tuebingen/O=DFN/OU=Directory Services/CN=ActiveDirectory
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_delayed_open successful, ld_host is (null)
ldap_send_server_request
ber_flush: 14 bytes to sd 3
ldap_result
wait4msg (infinite timeout)
** Connections:
* host: dino  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Mon Oct 16 16:55:50 2000

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
do_ldap_select
read1msg
ber_get_next
ber_get_next: tag 0x30 len 16 contents:
ldap_read: message type bind msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
read1msg:  0 new referrals
read1msg:  mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_search_ext
put_filter "(objectclass=*)"
put_filter: simple
put_simple_filter "objectclass=*"
ldap_send_initial_request
ldap_send_server_request
ber_flush: 61 bytes to sd 3
ldap_result
wait4msg (infinite timeout)
** Connections:
* host: dino  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Mon Oct 16 16:55:50 2000

** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
do_ldap_select
read1msg
ber_get_next
ber_get_next: tag 0x30 len 57 contents:
ldap_read: message type search-entry msgid 2, original id 2
ldap_get_dn
ber_scanf fmt ({a) ber:
ber_scanf fmt ({xx) ber:
ldap_first_attribute
ber_scanf fmt ({xl{) ber:
ber_scanf fmt ({ax}) ber:
ldap_get_values_len
ber_scanf fmt ({x{{a) ber:
ber_scanf fmt ([V]) ber:
ldap_next_attribute
ldap_msgfree
ldap_result
wait4msg (infinite timeout)
** Connections:
* host: dino  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Mon Oct 16 16:55:50 2000

** Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
do_ldap_select
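
A small parser for the debug trace format shown above, added here as an example (it is not part of the original post or of OpenLDAP): it lists the msgids still outstanding at the end of a `-d 1` trace and the message types read for each. The function names and the abridged sample trace are constructed for illustration.

```python
import re

# Constructed excerpt, abridged from the trace above (only the lines the parser uses).
SAMPLE_TRACE = """\
ldap_send_server_request
ber_flush: 14 bytes to sd 3
 * msgid 1,  origid 1, status InProgress
ldap_read: message type bind msgid 1, original id 1
read1msg:  mark request completed, id = 1
request 1 done
ldap_search_ext
ber_flush: 61 bytes to sd 3
 * msgid 2,  origid 2, status InProgress
ldap_read: message type search-entry msgid 2, original id 2
ldap_result
wait4msg (infinite timeout)
 * msgid 2,  origid 2, status InProgress
do_ldap_select
"""

OUTSTANDING = re.compile(r"^\s*\* msgid (\d+),\s+origid \d+, status \w+")
READ = re.compile(r"^ldap_read: message type (\S+) msgid (\d+)")
COMPLETED = re.compile(r"^read1msg:\s+mark request completed, id = (\d+)")


def pending_requests(trace):
    """Return {msgid: [message types read]} for requests never marked completed."""
    seen = {}          # msgid -> message types read for that request
    completed = set()  # msgids the library marked as completed
    for line in trace.splitlines():
        if m := OUTSTANDING.match(line):
            seen.setdefault(int(m.group(1)), [])
        elif m := READ.match(line):
            seen.setdefault(int(m.group(2)), []).append(m.group(1))
        elif m := COMPLETED.match(line):
            completed.add(int(m.group(1)))
    return {mid: types for mid, types in seen.items() if mid not in completed}


def ends_in_wait(trace):
    """True when the last logged call is the select() wait for more data."""
    lines = [l.strip() for l in trace.splitlines() if l.strip()]
    return bool(lines) and lines[-1] == "do_ldap_select"


if __name__ == "__main__":
    for mid, types in pending_requests(SAMPLE_TRACE).items():
        print(f"msgid {mid}: read {types or 'nothing'}, no completion logged")
    print("trace ends waiting in select:", ends_in_wait(SAMPLE_TRACE))
```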