ldap-ssl trouble .....
Hello everybody!
Here is my compilation:
#> CPPFLAGS=-I/usr/local/openssl-0.9.6/include
#> export CPPFLAGS
#> LDFLAGS=-L/usr/local/openssl-0.9.6/lib-dir
#> export LDFLAGS
#> configure --prefix=/usr/local/Ldap-srv --with-tls
#> make depend / make / make install
First, working with standard ldap://
I've created the database and imported it in ldif format....
Some search requests... everything's fine!!! :o)
Then I decided to turn the server to ldap-ssl.
I create the key:
#> openssl req -nodes -new -x509 -keyout MyCAkey.pem -out MyCAcert.pem
And I add the lines to slapd.conf:
TLSCertificateFile /usr/local/LDAP-SRV/key/MyCAcert.pem
TLSCertificateKeyFile /usr/local/LDAP-SRV/key/MyCAkey.pem
#>./slapd -d 1 -h "ldap://neon.sunflo.fr ldaps://neon.sunflo.fr"
The server starts correctly:
@(#) $OpenLDAP: slapd 2.0.21-Release (mer fév 6 10:13:12 CET 2002) $
root@neon:/usr/local/openldap-2.0.21/servers/slapd
daemon_init: listen on ldap://neon.sunflo.fr
daemon_init: listen on ldaps://neon.sunflo.fr
daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap://neon.sunflo.fr)
daemon: initialized ldap://neon.sunflo.fr
ldap_url_parse_ext(ldaps://neon.sunflo.fr)
daemon: initialized ldaps://neon.sunflo.fr
daemon_init: 2 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
slapd startup: initiated.
slapd starting
And with the netstat command I see that ports 636 and 389 are effectively
open...
When I try a search on the non-secure server everything is OK!
BUT when I try a search on the secure server
(ldap.conf: HOST : neon.sunflo.fr:636)
#> ldapsearch -x -Z -b o=societe.fr sn=Wayne
the client responds that it can't contact the server and I get these trace errors:
ldap_pvt_gethostbyname_a: host=neon, r=0
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
s23_srvr.c:557
connection_read(9): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=9 for close
connection_close: conn=0 sd=9
Note: the result is the same when I contact it from a PHP page...
(PHP compiled with ldap3.3 and openssl)
I took a quick look at the file s23_srvr.c on line 557.... I'm not really
good in C, but it seems that it's not able to determine the version of TLS or SSL
or something of that stuff...
Does anybody have any idea what I should do to fix the problem????
Thanks a lot!
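The trace line `SSL23_GET_CLIENT_HELLO:unknown protocol` is what OpenSSL reports when the bytes arriving on the ldaps listener are not a TLS ClientHello. As an added example (not code from the original post or from OpenLDAP), this small Python decoder looks at the first bytes of a connection and tells a TLS or SSLv2-style ClientHello apart from a cleartext LDAP PDU, including the StartTLS ExtendedRequest that `ldapsearch -Z` sends before any TLS handshake; all sample inputs are constructed.

```python
# Added example, not from the original post: classify the first bytes a
# listener receives. A port-636 ldaps:// listener runs TLS before any LDAP,
# so it accepts only a ClientHello; a cleartext LDAP PDU (such as the StartTLS
# request that `ldapsearch -Z` issues) fails in the client-hello parser.

TLS_HANDSHAKE = 0x16                        # TLS record content type: handshake
BER_SEQUENCE = 0x30                         # every LDAPMessage is a BER SEQUENCE
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"    # LDAPv3 StartTLS extended operation

def ber_tlv(tag: int, value: bytes) -> bytes:
    """Encode one BER element; short-form length suffices for these samples."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def starttls_request(message_id: int = 1) -> bytes:
    """Constructed LDAPMessage { messageID, ExtendedRequest { requestName } }."""
    request_name = ber_tlv(0x80, STARTTLS_OID)   # [0] requestName, primitive
    extended_req = ber_tlv(0x77, request_name)   # [APPLICATION 23], constructed
    return ber_tlv(BER_SEQUENCE, ber_tlv(0x02, bytes([message_id])) + extended_req)

def classify_client_bytes(data: bytes) -> str:
    """Say what protocol the first bytes of a fresh connection look like."""
    if len(data) < 3:
        return "too-short"
    if data[0] == TLS_HANDSHAKE and data[1] == 0x03:
        return "tls-client-hello"                # SSLv3/TLS record header
    if data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-compatible-client-hello"   # 2-byte length, msg type 1
    if data[0] == BER_SEQUENCE:
        if STARTTLS_OID in data:
            return "ldap-starttls-extended-request"
        return "ldap-plaintext-pdu"
    return "unknown"

def ldaps_listener_outcome(data: bytes) -> str:
    """TLS runs first on ldaps://, so anything but a ClientHello is rejected."""
    kind = classify_client_bytes(data)
    return "tls-handshake" if kind.endswith("client-hello") else "unknown protocol"

if __name__ == "__main__":
    samples = {                                  # constructed first-bytes samples
        "ldaps client (TLS record)": b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x01",
        "ldaps client (SSLv2 hello)": b"\x80\x2e\x01\x00\x02\x00\x15",
        "ldapsearch -Z (StartTLS)": starttls_request(),
        "plain LDAPv3 anonymous bind": b"\x30\x0c\x02\x01\x01\x60\x07\x02\x01\x03\x04\x00\x80\x00",
    }
    for name, first_bytes in samples.items():
        print(f"{name:28s} {classify_client_bytes(first_bytes):32s} "
              f"-> port 636 listener: {ldaps_listener_outcome(first_bytes)}")
```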