[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: OPENLDAP+TLS/SSL+PAM
Hi Philippe,
> I have an error when i try to connect to my server LDAP :
>
> conn=2 fd=13 ACCEPT from IP=192.168.1.53:1690 (IP=0.0.0.0:636)
> TLS: can't accept.
> TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> s23_srvr.c:634
> conn=2 fd=13 closed
>
> An idea ??? I use openldap 2.1.17, pam_ldap 1.64, openssl 0.9.7b, debian
> woody 3.0
Was openldap compiled with the '--with-tls' option?
> Here 's my slapd.conf :
>
> TLSCertificateFile /opt/certificate/certificat_serveur/server.crt
> TLSCertificateKeyFile /opt/certificate/clef_serveur/server.key
> TLSCACertificateFile /opt/certificate/certificat_signe_autorite/ca.crt
> TLSVerifyClient 0
This is probably not your problem according to your error message, but I'm
not sure what a '0' value for the TLSVerifyClient directive does. Try
using never|allow|try|demand. Default is 'never' so you might be
defaulting to it.
> Here's my ldap.conf :
>
> quid:/opt/openssl/ssl# more /etc/ldap.conf
There's been a recent discussion about this ... unless you have
specifically told slapd to use this file as the ldap configuration file, it
is not the file slapd is using for client information. Look at the
ldap.conf file in the same directory as slapd.conf. My prefix is /usr, so
my ldap.conf is found at /usr/etc/openldap.
I suspect your slapd was not built with the TLS option however.
Cheers,
Kent Soper
"You don't stop playing because you grow old ...
you grow old because you stop playing."
Linux Technology Center, Linux Security