Re: Windows [ERROR 81] Can't contact LDAP server ???
I have the same problem as you and I don't know what's happening. My
server log tells me:
connection_get(10): got connid=1
connection_read(10): checking for input on id=1
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
s23_srvr.c:565
connection_read(10): TLS accept error error=-1 id=1, closing
It's the same thing I saw when I tried to use "ldapsearch -h mydomain.com -p 636"
instead of "ldapsearch -H ldaps://mydomain.com:636". I think Windows is not
using SSL as it should be, but I'm not very sure.
I would be thankful for any kind of information about it (other than using the
Netscape SDK).
On 05 Apr 2002, at 10:53 -0500, Frank Swasey wrote:
> I am very confused. I have set up an openldap 2.0.11 server on RedHat
> 7.2 and have just stumbled on this problem.
>
> My windows clients (Outlook, Softerra LDAP Browser 2.2) are able to
> connect to and use the LDAP server unless I configure them to use SSL.
> I am able to use SSL from another RedHat (7.1) system with ldapsearch.
>
> Running slapd with the -d -1 parameter, I can see that the RedHat client
> continues the SSL negotiation after being asked for a certificate (does
> a key exchange) but it appears the Windows clients just close the
> connection and throw the ERROR 81 message at the user when requested to
> send their certificate for SSLv3...
>
> Is there any change I can make to either the windows clients or the
> server to allow this SSL negotiation to work?
>
> Here's the TLS entries from my slapd.conf:
>
> TLSCertificateFile /usr/share/ssl/certs/ldap.pem
> TLSCertificateKeyFile /usr/share/ssl/certs/ldap.key
> TLSCACertificateFile /usr/share/ssl/certs/ldap.pem
>
> The ldap.pem and ldap.key files were generated with the command:
>
> openssl req -new -x509 -nodes -out ldap.pem -keyout ldap.key -days 365
>
> Before you ask why not 2.0.23, 2.0.11 was the last release that the
> cn=Monitor patch will work against -- I am told I need that to get
> Steltor's corporate time calendar product working (at least until
> version 6 is released) with OpenLDAP.
>
> Thanks,
> --
> Frank Swasey | http://www.uvm.edu/~fcs
> Systems Programmer | Always remember: You are UNIQUE,
> University of Vermont | just like everyone else.
> === God Bless Us All ===
>
--
Guillermo.
-----------------------------------------------------------
() ascii ribbon campaign - against html mail
/\ - against microsoft attachments
-----------------------------------------------------------
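
The message above reports the same "unknown protocol" error when ldapsearch is pointed at port 636 with -h/-p instead of an ldaps:// URL. The following is an added example, not part of the original thread: it classifies the first bytes a client sends (taken from a packet capture of the listener) as a TLS record, an SSLv2-format hello, or plaintext LDAP. The function names and the sample byte strings are constructed for illustration.

```python
# Added example: classify the opening bytes a client sends to an LDAP/LDAPS port.
# The sample byte strings at the bottom are constructed, not captured from the thread.

LDAP_OPS = {0x60: "bindRequest", 0x63: "searchRequest",
            0x77: "extendedRequest", 0x42: "unbindRequest"}

def ber_length(buf, pos):
    """Decode the BER length field at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:                      # short form: length in one byte
        return first, pos + 1
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_first_bytes(buf):
    """Return a short label for the protocol the client opened with."""
    if len(buf) < 3:
        return "too short to classify"
    # TLS/SSLv3 record header: content type 0x16 (handshake), major version 0x03
    if buf[0] == 0x16 and buf[1] == 0x03:
        return "TLS/SSLv3 handshake record"
    # SSLv2-format ClientHello: 2-byte header with the high bit set, message type 1
    if buf[0] & 0x80 and buf[2] == 0x01:
        return "SSLv2-format ClientHello"
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp ... }
    if buf[0] == 0x30:
        try:
            _, pos = ber_length(buf, 1)
            if buf[pos] != 0x02:          # messageID must be an INTEGER
                return "BER sequence, not an LDAPMessage"
            id_len, pos = ber_length(buf, pos + 1)
            op = buf[pos + id_len]        # tag of the protocolOp
        except (ValueError, IndexError):
            return "truncated BER data"
        return "plaintext LDAP " + LDAP_OPS.get(op, "operation 0x%02x" % op)
    return "unknown protocol"

# Constructed samples
TLS_HELLO = bytes.fromhex("160300002f010000")            # start of an SSLv3 record
SSL2_HELLO = bytes.fromhex("802e0103000015")             # start of an SSLv2-format hello
LDAP_BIND = bytes.fromhex("300c020101600702010304008000")  # anonymous simple bind
LDAP_STARTTLS = bytes.fromhex("301d02010177188016") + b"1.3.6.1.4.1.1466.20037"
```

A "plaintext LDAP bindRequest" result on port 636 means the client never started a TLS handshake, so the fix is on the client side (SSL setting or ldaps:// URL) rather than in the server's certificate configuration.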