Re: ldap client tools core dumping with tls/ssl
At 03:52 PM 1/15/01 -0500, Robert Watt wrote:
>Hi.
>
>I'm having trouble with the ldap client tools core dumping every time I
>try to access my server using tls.
>
>I'm using OpenLDAP v2.0.7 on a Red Hat 7.0 box, and compiled it with:
>
>./configure --prefix=/usr/local --enable-syslog --enable-debug
>--enable-cyrus-sasl --enable-tls --enable-fetch
>
>'make test' reports no errors.
>
>Using openssl's CA.pl I generated a CA cert, server cert and key and
>server starts with: slapd -h ldaps://localhost:636 -d255
>
>As soon as I try to query or add by connecting to the secure server, the
>client seg faults and dumps core. The switches I'm using are:
>
> ldapsearch -x -b "dc=collab,dc=net" -Z -H ldaps://localhost:636 cn=*
I note that using Start TLS in conjunction with LDAP over SSL makes
no sense. That is, -Z and -H ldaps://... are mutually exclusive options.
However, as you didn't make it to Start TLS code, you didn't get
the warning (error if -ZZ).

I also note that in your client log, the command had no -x, so
SASL was used. One shouldn't use SASL in conjunction with ldaps://.
You also did not have a space between the -w and secret which
might cause odd behavior.

Of course, ldap clients shouldn't crash. To sort out why it crashed,
I'd need a stack traceback. You're welcome to submit an ITS
on this.

As far as sorting out why LDAP over SSL is failing, I would
suggest experimenting with openssl(1) s_client and s_server.

>Attached is the debugging output from the client and the server.
>
>Any help or ideas would be appreciated.
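
As an added example (not part of the original messages and not OpenLDAP code), the shell function below is a pre-flight check for the two option conflicts the reply describes: Start TLS requested on an ldaps:// URI, and a SASL bind (no -x) on an ldaps:// URI. The name `check_ldap_tls_args` is hypothetical, and flags are assumed to be passed separately rather than clustered (for example -xZ).

```shell
#!/bin/sh
# Added example: lint an ldapsearch-style argument list for the conflicts
# named in the reply. check_ldap_tls_args is a hypothetical helper name.
# Assumption: flags are separate words (no clusters such as -xZ).
# Returns the number of conflicts found (0 = none) and prints one line each.
check_ldap_tls_args() {
    uri=""
    starttls=0
    simple=0
    issues=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -H)       uri="${2:-}"; if [ $# -gt 1 ]; then shift; fi ;;
            -H?*)     uri="${1#-H}" ;;          # attached form: -Hldaps://...
            -Z|-ZZ)   starttls=1 ;;             # Start TLS requested
            -x)       simple=1 ;;               # simple bind instead of SASL
            -b|-D|-w) if [ $# -gt 1 ]; then shift; fi ;;  # skip option value
        esac
        shift
    done

    # URI schemes are case-insensitive, so match ldaps:// in any case.
    case "$uri" in
        [lL][dD][aA][pP][sS]://*) is_ldaps=1 ;;
        *)                        is_ldaps=0 ;;
    esac

    if [ "$is_ldaps" -eq 1 ] && [ "$starttls" -eq 1 ]; then
        echo "conflict: -Z/-ZZ (Start TLS) used with $uri, which is already LDAP over SSL"
        issues=$((issues + 1))
    fi
    # Per the reply: without -x the client uses SASL, which should not be
    # combined with ldaps://.
    if [ "$is_ldaps" -eq 1 ] && [ "$simple" -eq 0 ]; then
        echo "conflict: no -x, so a SASL bind is attempted over $uri"
        issues=$((issues + 1))
    fi
    return "$issues"
}

# The command line from the original post, passed as arguments (nothing is
# sent to a server; only the options are inspected).
check_ldap_tls_args -x -b "dc=collab,dc=net" -Z -H ldaps://localhost:636 'cn=*' || true
```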