Re: trying to get tls working
Thank you.
/usr/local/libexec/slapd -d 1 -h "ldap:/// ldaps:///"
@(#) $OpenLDAP: slapd 2.X (Mon Aug 27 16:03:39 EDT 2001) $
root@cderr:/src/openldap-2.0.11/cvs/ldap/servers/slapd
daemon_init: listen on ldap:///
daemon_init: listen on ldaps:///
daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: socket() failed errno=97 (Address family not supported by protocol)
daemon: initialized ldap:///
ldap_url_parse_ext(ldaps:///)
daemon: socket() failed errno=97 (Address family not supported by protocol)
daemon: initialized ldaps:///
daemon_init: 2 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
slapd startup: initiated.
slapd starting
and then when i try to connect w/gq i get:
ldap_pvt_gethostbyname_a: host=cderr, r=0
connection_get(16): got connid=0
connection_read(16): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:565
connection_read(16): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=16 for close
connection_close: conn=0 sd=16
Thank you for any and all suggestions as to what i should change to get
tls successfully working,
~c
> "Chapman, Kyle" wrote:
>
> try /usr/local/libexec/slapd -d 1 -h "ldaps:/// ldap:///"
>
> and then connect with gq and see what errors show up with slapd...
>
> -----Original Message-----
> From: charlie derr [mailto:cderr@simons-rock.edu]
> Sent: Tuesday, August 28, 2001 11:26 AM
> To: openldap-software@OpenLDAP.org
> Subject: trying to get tls working
>
> Apologies for sending this message to the wrong list the first time.
>
> I'm a rank newbie at this ldap stuff, so take that into consideration as
> you read my comments.
>
> I grabbed code from CVS (cvs -z3 checkout -P ldap) and built it using
> --with-tls --with-cyrus-sasl. Everything seemed to go fine. However,
> when i start with:
>
> /usr/local/libexec/slapd -h "ldaps:///"
>
> i am not able to connect with either gq or the java ldapbrowser (i'd be
> happy to try a different mechanism if someone wants to suggest another
> browser or a command line that i can use to check). I would think that
> gq or the java ldapbrowser would be sufficient -- i found (and enabled)
> the option in both programs to "use tls".
>
> When i nmap myself, I can see that port 636 is open.
>
> If i start using:
>
> /usr/local/libexec/slapd -h "ldap:/// ldaps:///"
>
> i can successfully connect to the server on port 389 (without tls), but
> again i have no luck with the tls connection to port 636.
>
> Has anyone else had success with this?
>
> I can build without the cyrus-sasl if someone thinks that this will help
> figure out the problem. Please let me know what else I can do to try
> to figure this out.
>
> thanx very much,
> ~c
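
The `SSL23_GET_CLIENT_HELLO:unknown protocol` error in the trace above is what OpenSSL reports when the first bytes arriving on a TLS listener are not an SSL/TLS ClientHello. The following is an added example, not part of the original thread or of OpenLDAP: it classifies the opening bytes of a connection (as seen in a packet capture) to tell a TLS handshake from a plaintext LDAP bind or StartTLS request. The function names, labels and sample byte strings are constructed for illustration.

```python
# Added example; the sample byte strings are constructed for illustration.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation

def _ber_len(buf, i):
    """Decode a BER length at buf[i]; return (length, index after it)."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    if n == 0 or i + 1 + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def classify_first_bytes(buf):
    """Label what the opening bytes of a connection look like."""
    if len(buf) < 3:
        return "too-short"
    if buf[0] == 0x16 and buf[1] == 0x03:      # TLS record: handshake, major 3
        return "tls-handshake"
    if buf[0] & 0x80 and buf[2] == 0x01:       # SSLv2-style ClientHello
        return "sslv2-client-hello"
    if buf[0] != 0x30:                         # LDAPMessage is a BER SEQUENCE
        return "unknown"
    try:
        _, i = _ber_len(buf, 1)
        if buf[i] != 0x02:                     # messageID must be an INTEGER
            return "unknown"
        id_len, i = _ber_len(buf, i + 1)
        op = buf[i + id_len]                   # protocolOp tag
    except (ValueError, IndexError):
        return "unknown"
    if op == 0x60:                             # bindRequest
        return "ldap-bind-plaintext"
    if op == 0x77 and STARTTLS_OID in buf:     # extendedRequest carrying StartTLS
        return "ldap-starttls-request"
    return "ldap-other-plaintext"

def listener_outcome(scheme, buf):
    """What a listener of the given scheme does with these opening bytes."""
    kind = classify_first_bytes(buf)
    if scheme == "ldaps":                      # TLS expected from the first byte
        is_tls = kind in ("tls-handshake", "sslv2-client-hello")
        return "handshake-starts" if is_tls else "tls-accept-fails:" + kind
    ok = kind.startswith("ldap-")              # ldap://: plain LDAP, TLS via StartTLS
    return ("ldap-processed:" if ok else "ldap-decode-fails:") + kind

# Constructed samples: TLS ClientHello prefix, anonymous bind, StartTLS request
TLS_HELLO = bytes.fromhex("160301002f010000")
LDAP_BIND = bytes.fromhex("300c020101600702010304008000")
LDAP_STARTTLS = bytes.fromhex("301d02010177188016") + STARTTLS_OID
```

A `tls-accept-fails:ldap-...` result for bytes captured on port 636 means the client spoke plain LDAP or StartTLS to the `ldaps:///` listener, which expects TLS from the first byte.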