I've set up an LDAP server which I'm currently only using for NIS and PAM. I'm trying to get a second machine on the same LAN to talk to it, and while everything is working fine over normal LDAP, I get an error with LDAPS.

    $ ldapsearch -H ldap://halcyon.ox.icnet.uk/ -D 'cn=admin,dc=ox,dc=icnet,dc=uk' -x -W

works fine on the local host and on the remote host, but

    $ ldapsearch -H ldaps://halcyon.ox.icnet.uk/ -D 'cn=admin,dc=ox,dc=icnet,dc=uk' -x -W

gives me the error "ldap_bind: Can't contact LDAP server" on the remote host.

Now, I've checked on the list archives and Google to see what might be wrong, and I'm sure that (a) I'm using the FQDN of the LDAP server for the SSL certificate, and that (b) there are no issues with hosts.allow or hosts.deny which would prevent a connection being made. Indeed, debugging the call makes it look like there is a connection being established, judging by the following lines:

    ** Connections:
    * host: halcyon.ox.icnet.uk port: 636 (default)
      refcnt: 2 status: Connected
      last used: Mon Oct 20 10:28:41 2003

However, after this, I get the following:

    ber_get_next
    ldap_perror
    ldap_bind: Can't contact LDAP server

I've attached a fuller version of this output in case it's handy. Can anybody help me with this?

Alex

--
Mail: Alex Page <alex.page@cancer.org.uk>
Real: Systems/Network Assistant, Epidemiology Unit, Oxford
Tel: 01865 302 223 (external) / 223 (internal)
PGP: 8868 21D7 3D35 DD77 9D06 BF0A 0746 2DE6 55EA 367E

$ ldapsearch -H ldaps://halcyon.ox.icnet.uk/ -D 'cn=admin,dc=ox,dc=icnet,dc=uk' -x -W -d 69
ldap_create
ldap_url_parse_ext(ldaps://halcyon.ox.icnet.uk/)
Enter LDAP Password:
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: halcyon.ox.icnet.uk
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 143.65.27.48:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_int_sasl_open: host=halcyon.ox.icnet.uk
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 43 bytes to sd 3
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: halcyon.ox.icnet.uk port: 636 (default)
  refcnt: 2 status: Connected
  last used: Mon Oct 20 10:28:41 2003
** Outstanding Requests:
 * msgid 1, origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid 1, all 1
ber_get_next
ldap_perror
ldap_bind: Can't contact LDAP server