
Re: TLS problems ldapsearch -ZZ problem



On Wed 12/03/2003 at 16:36, Jayson Henkel wrote:
> Hello,
> 
> I've been attempting to get tls support working when connecting to my
> directory and I can't seem to get any external clients to successfully
> use the -ZZ option when doing a search. I can do a -ZZ on the directory
> server itself and when I watch the lo's port 389 the traffic is
> encrypted. However when I do a ldapsearch -ZZ from a different machine
> making sure to use the CN of the directory server as the uri all I set
> the -d level at -1 and this is all I ever see:
> 
> ldap_create
> ldap_url_parse_ext(ldap://rauru.sterlingcrane.ca:389)
> ldap_perror
> ldap_start_tls: Success
> 
> When I'm watching port 389 of my directory server I see absolutely no
> traffic being generated.

The hostname you set in the ldap.conf needs to be exactly the same as
the hostname you used in the server certificate.
Do you use rauru.sterlingcrane.ca from the server too?

To be sure, use the same /etc/openldap/ldap.conf file on the server and
on other hosts.

if I helped you...

Francois
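
The check suggested in the reply above, as an added example that is not part of the original message or of OpenLDAP: it compares each host named on the URI lines of a client ldap.conf with the names in the server certificate. The sample ldap.conf, the certificate dict (same shape as Python's `getpeercert()` output) and the simplified matching rule (case-insensitive, single-label wildcard) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample input: a client ldap.conf and the names carried by the
# server certificate, in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_LDAP_CONF = """\
# constructed sample client ldap.conf
BASE dc=example,dc=com
URI  ldap://rauru:389 ldap://rauru.sterlingcrane.ca:389
TLS_CACERT /etc/openldap/cacert.pem
"""
SAMPLE_CERT = {
    "subject": ((("commonName", "rauru.sterlingcrane.ca"),),),
    "subjectAltName": (),
}

def conf_hosts(conf_text):
    """Return the hostnames named on the URI lines of an ldap.conf."""
    hosts = []
    for line in conf_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].upper() == "URI":
            hosts += [urlsplit(uri).hostname for uri in parts[1:]]
    return hosts

def cert_names(cert):
    """Collect subjectAltName DNS entries and subject CNs (simplified)."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    for rdn in cert.get("subject", ()):
        names += [v for k, v in rdn if k == "commonName"]
    return names

def name_matches(host, pattern):
    """Case-insensitive match; '*.' covers exactly one leftmost label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def check(conf_text, cert):
    """Map each configured host to True if the certificate covers it."""
    names = cert_names(cert)
    return {h: any(name_matches(h, n) for n in names) for h in conf_hosts(conf_text)}

if __name__ == "__main__":
    for host, ok in check(SAMPLE_LDAP_CONF, SAMPLE_CERT).items():
        print(f"{host}: {'matches certificate' if ok else 'NOT in certificate'}")
```
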