openldap SSL/TLS problem
I want to have my openldap traffic secured using openssl. I read a lot of
mail on the list about that, and here's what I did:
openldap 2.0.11, RedHat 7.1, openssl-0.9.6-3
I created the certificate (using the FQDN!):
openssl req -new -x509 -nodes -out ldapserver.pem -keyout ldapserver.pem -days 365
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:Evry
Organization Name (eg, company) [Internet Widgits Pty Ltd]:INT-EVRY
Organizational Unit Name (eg, section) []:MCI
Common Name (eg, your name or your server's hostname) []:mci21056.int-evry.fr
Email Address []:root@mci21056.int-evry.fr
/etc/openldap/slapd.conf:
TLSCipherSuite HIGH:MEDIUM
TLSCertificateFile /usr/share/ssl/certs/ldapserver.pem
TLSCertificateKeyFile /usr/share/ssl/certs/ldapserver.pem
/etc/openldap/ldap.conf
HOST mci21056.int-evry.fr
BASE dc=int-evry,dc=fr
URI ldaps://mci21056.int-evry.fr
ssl yes
#ssl start_tls
I start the server
$ slapd -d 1 -h "ldaps://mci21056.int-evry.fr" -l LOCAL3
@(#) $OpenLDAP: slapd 2.0.11-Release (Mon Jun 18 23:27:28 CEST 2001) $
root@mci21056.int-evry.fr:/usr/src/redhat/BUILD/openldap-2.0.11/servers/slapd
daemon_init: listen on ldaps://mci21056.int-evry.fr
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldaps://mci21056.int-evry.fr)
daemon: initialized ldaps://mci21056.int-evry.fr
daemon_init: 1 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
slapd startup: initiated.
slapd starting
It is running:
$ lsof -i tcp:636
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
slapd 11241 root 6u IPv4 52557 TCP mci21056.int-evry.fr:ldaps (LISTEN)
Here's my problem:
$ ldapsearch -Z -H "ldaps://mci21056.int-evry.fr" -b "dc=int-evry,dc=fr" "uid=procacci"
ldap_start_tls: Operations error
additional info: TLS already started
ldap_sasl_interactive_bind_s: Unknown authentication method
Server's log ends with:
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 7
ber_get_next
ber_get_next on fd 7 failed errno=11 (Resource temporarily unavailable)
connection_get(7): got connid=0
connection_read(7): checking for input on id=0
ber_get_next
ber_get_next on fd 7 failed errno=0 (Success)
connection_read(7): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=7 for close
connection_close: conn=0 sd=7
TLS trace: SSL3 alert write:warning:close notify
What am I doing wrong?
Is there a doc or HOWTO about all this SSL/TLS stuff with openldap?
Thanks
--
Jehan Procaccia
Institut National des Telecommunications | Email: Jehan.Procaccia@int-evry.fr
MCI, Moyens Communs Informatiques | Tel : +33 (0) 160764436
9 rue Charles Fourier 91011 Evry France | Fax : +33 (0) 160764321
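Added example, not part of the original post and not OpenLDAP's own code. The two errors in the post come from the client command line, not from slapd: `-Z` asks ldapsearch to send the StartTLS extended operation, but on an `ldaps://` URI the session is already TLS from the first byte, so the server answers "TLS already started"; and without `-x` ldapsearch attempts a SASL bind, which fails with "Unknown authentication method" when no SASL mechanism is available. The script below picks the right invocation for each listener type (`ldaps://` without `-Z`, `ldap://` with `-ZZ`, always `-x` for a simple bind), flags the `-Z`-plus-`ldaps://` combination, and prints a client ldap.conf that uses OpenLDAP's `TLS_CACERT`/`TLS_REQCERT` directives instead of the `ssl` keyword, which belongs to nss_ldap/pam_ldap and is not an OpenLDAP client option. Host, base DN, filter and certificate path are the ones from the post; the function names and the `ldap://` listener (slapd would need `-h "ldap:/// ldaps:///"` for the StartTLS variant) are assumptions of this example.

```shell
#!/bin/sh
# Example helpers (not from the post): choose a TLS mode that matches the
# listener, and never combine StartTLS (-Z) with an ldaps:// URI.

# tls_mode URI -> "ldaps" (TLS on connect, port 636) or "starttls" (plain
# port 389 upgraded with the StartTLS extended operation); anything else fails.
tls_mode() {
    case "$1" in
        ldaps://*) echo ldaps ;;
        ldap://*)  echo starttls ;;
        *) echo "unsupported URI scheme: $1" >&2; return 1 ;;
    esac
}

# search_cmd URI BASE FILTER -> the ldapsearch command line for that listener.
# -x  : simple bind (the default SASL bind gives "Unknown authentication method"
#       when no mechanism is available)
# -ZZ : request StartTLS and abort if it cannot be established; only valid on
#       ldap://, because an ldaps:// session is already TLS
search_cmd() {
    uri=$1; base=$2; filter=$3
    case "$(tls_mode "$uri")" in
        ldaps)    printf 'ldapsearch -x -H %s -b "%s" "%s"\n' "$uri" "$base" "$filter" ;;
        starttls) printf 'ldapsearch -x -ZZ -H %s -b "%s" "%s"\n' "$uri" "$base" "$filter" ;;
        *)        return 1 ;;
    esac
}

# lint_cmd CMD -> "ok", or a diagnosis (and exit status 1) for the mistake in
# the post: -Z/-ZZ sent over an ldaps:// connection.
lint_cmd() {
    case "$1" in
        *ldaps://*)
            case "$1" in
                *" -Z "*|*" -ZZ "*)
                    echo "ERROR: StartTLS (-Z) on an ldaps:// URI; TLS is already negotiated on port 636, slapd answers 'TLS already started'"
                    return 1 ;;
            esac ;;
    esac
    echo ok
}

# client_conf HOST BASE CACERT -> a client ldap.conf for a self-signed server
# certificate.  TLS_CACERT must point at the *certificate* only; the post's
# ldapserver.pem also holds the private key, so do not copy that file to
# clients, extract the certificate half instead.  'ssl yes' / 'ssl start_tls'
# are nss_ldap/pam_ldap keywords and do nothing in OpenLDAP's ldap.conf.
client_conf() {
    host=$1; base=$2; cacert=$3
    printf 'URI ldaps://%s\nBASE %s\nTLS_CACERT %s\nTLS_REQCERT demand\n' \
        "$host" "$base" "$cacert"
}

# verify_cmd HOST CACERT -> the openssl s_client line that checks the listener
# independently of ldapsearch: "Verify return code: 0 (ok)" means the
# certificate chains to CACERT and is acceptable to clients.
verify_cmd() {
    printf 'openssl s_client -connect %s:636 -CAfile %s\n' "$1" "$2"
}

# Demonstration on the values from the post (prints only, no network access).
host=mci21056.int-evry.fr
base=dc=int-evry,dc=fr
echo "# what the post ran:"
lint_cmd "ldapsearch -Z -H ldaps://$host -b \"$base\" \"uid=procacci\"" || true
echo "# ldaps:// listener:";   search_cmd "ldaps://$host" "$base" uid=procacci
echo "# StartTLS on ldap://:"; search_cmd "ldap://$host" "$base" uid=procacci
echo "# client ldap.conf:";    client_conf "$host" "$base" /etc/openldap/ldapserver.crt
echo "# handshake check:";     verify_cmd "$host" /etc/openldap/ldapserver.crt
```

Run it on any machine with a POSIX shell; nothing in it contacts the server. Paste the printed ldapsearch line for the ldaps:// listener on the client, and use the openssl s_client line first if the bind still fails, since a certificate whose CN does not match the name in the URI, or one the client cannot verify against TLS_CACERT, fails at the handshake before any LDAP operation is sent.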