
Can't connect LDAP server (81)



I am setting up an LDAP server with SSL/TLS. My server starts with the
right options to serve on port 389 (ldap) and port 636 (ldaps).

I have set up LDAP with the following DN:
# active2.homelinux.org
dn: dc=active2,dc=homelinux,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: active2.homelinux.org
dc: active2
description: Directory Server of active2.homelinux.org

But when I try the following command
ldapsearch -H ldaps:/// -I -b "" -s base -LLL supportedSASLMechanisms

I get this:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (81)
        additional info: Error in the certificate.

OK, I take a step back and try the following command:
ldapsearch -H ldap://server.active2.homelinux.org/ -x -b "" -s base -LLL -ZZ supportedSASLMechanisms

I get the following:
ldap_start_tls: Connect error (91)
        additional info: Error in the certificate.

I have my certificate set up with the following information:
openssl req -new -x509 -nodes -out server.pem -keyout server.pem -days 365

Using configuration from /usr/lib/ssl/openssl.cnf
Generating a 1024 bit RSA private key
.............................................................++++++
.................++++++
writing new private key to 'server.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:NL
string is too long, it needs to be less than  2 bytes long
Country Name (2 letter code) [AU]:NL
State or Province Name (full name) [Some-State]:Friesland
Locality Name (eg, city) []:Grou
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Active2
Organizational Unit Name (eg, section) []:Active2
Common Name (eg, YOUR name) []:server.active2.homelinux.org
Email Address []:matthijs@active2.homelinux.org

In my slapd.conf are the following entries set:
# The SSL/TLS configuration
TLSCertificateFile      /etc/ldap/server.pem
TLSCertificateKeyFile   /etc/ldap/server.pem
TLSCACertificateFile    /etc/ldap/server.pem

So I'm asking what's wrong with my config.

I also have some debug information; maybe it helps with solving the
problem:

When executing the following command:
ldapsearch -d 1 -H ldaps://server.active2.homelinux.org/ -x -b "" -s base -LLL supportedSASLMechanisms

The output is:
...
ldap_int_sasl_open: host=server.active2.homelinux.org
TLS certificate verification: depth: 0, err: 2, subject: C=NL,
ST=Friesland, L=Grou, O=Internet Widgits Pty Ltd, OU=,
CN=active2.homelinux.org/Email=matthijs@active2.homelinux.org, issuer:
C=NL, ST=Friesland, L=Grou, O=Internet Widgits Pty Ltd, OU=,
CN=active2.homelinux.org/Email=matthijs@active2.homelinux.org
TLS certificate verification: Error, No trusted path to certificate
TLS: can't connect.
ldap_perror
ldap_bind: Can't contact LDAP server (81)
        additional info: Error in the certificate.

And when executing this:
ldapsearch -d 1 -H ldap://server.active2.homelinux.org/ -x -b "" -s base -LLL -ZZ supportedSASLMechanisms

I get this:
ldap_msgfree
TLS certificate verification: depth: 0, err: 2, subject: C=NL,
ST=Friesland, L=Grou, O=Internet Widgits Pty Ltd, OU=,
CN=active2.homelinux.org/Email=matthijs@active2.homelinux.org, issuer:
C=NL, ST=Friesland, L=Grou, O=Internet Widgits Pty Ltd, OU=,
CN=active2.homelinux.org/Email=matthijs@active2.homelinux.org
TLS certificate verification: Error, No trusted path to certificate
TLS: can't connect.
ldap_perror
ldap_start_tls: Connect error (91)
        additional info: Error in the certificate.

Who can help me solve the problem?
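A consistency check for the kind of combined key+certificate PEM used above (one file as TLSCertificateFile, TLSCertificateKeyFile and TLSCACertificateFile), added here as an example and not part of the original post or of OpenLDAP. It assumes the `openssl` CLI is installed; the function name `check_ldap_cert` and the sample certificate it is run against are constructed for the example, and the checks correspond to what the debug output reports: a self-signed certificate that no trust anchor covers, and a CN that differs from the host the client connects to.

```shell
#!/bin/sh
# Check that a PEM holding both private key and certificate is usable as its
# own trust anchor for an LDAP host. Prints findings; returns 0 only if all pass.
# Usage: check_ldap_cert /etc/ldap/server.pem server.active2.homelinux.org
check_ldap_cert() {
    pem="$1"; host="$2"; rc=0

    # 1. The certificate must belong to the private key stored beside it.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) \
        || { echo "FAIL: no certificate in $pem"; return 1; }
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) \
        || { echo "FAIL: no private key in $pem"; return 1; }
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "FAIL: key and certificate in $pem do not match"; rc=1; }

    # 2. The CN must equal the hostname clients connect to (the debug output in
    #    the post shows CN=active2.homelinux.org for a server.active2... connect).
    cn=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 \
         | sed -n 's/.*CN=\([^,]*\).*/\1/p')
    [ "$cn" = "$host" ] \
        || { echo "FAIL: certificate CN '$cn' differs from connect host '$host'"; rc=1; }

    # 3. A self-signed certificate only verifies when it is itself the trust
    #    anchor, i.e. the client's TLS_CACERT (ldap.conf) points at this file.
    openssl verify -CAfile "$pem" "$pem" >/dev/null 2>&1 \
        || { echo "FAIL: $pem does not verify against itself as CA"; rc=1; }

    # 4. Validity period must cover now.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null \
        || { echo "FAIL: certificate in $pem has expired"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $pem is consistent for host $host"
    return "$rc"
}
```

On the client side the same check is what libldap performs when `TLS_CACERT /etc/ldap/server.pem` is set in ldap.conf, so a FAIL from step 3 is the "No trusted path to certificate" message seen above.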