Problem with connecting via SSL from remote host



I've set up an LDAP server which I'm currently only using for NIS and
PAM. I'm trying to get a second machine on the same LAN to talk to it,
and while everything is working fine over normal LDAP, I get an error
with LDAPS.

$ ldapsearch -H ldap://halcyon.ox.icnet.uk/ -D 'cn=admin,dc=ox,dc=icnet,dc=uk' -x -W

works fine on the local host and on the remote host, but

$ ldapsearch -H ldaps://halcyon.ox.icnet.uk/ -D 'cn=admin,dc=ox,dc=icnet,dc=uk' -x -W

gives me the error "ldap_bind: Can't contact LDAP server" on the remote
host. Now, I've checked on the list archives and Google to see what
might be wrong, and I'm sure that (a) I'm using the FQDN of the LDAP
server for the SSL certificate, and that (b) there are no issues with
hosts.allow or hosts.deny which would prevent a connection being made.

Indeed, debugging the call makes it look like there is a connection
being established, judging by the following lines:

** Connections:
* host: halcyon.ox.icnet.uk  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Mon Oct 20 10:28:41 2003

However, after this, I get the following:

ber_get_next
ldap_perror
ldap_bind: Can't contact LDAP server

I've attached a fuller version of this output in case it's handy. Can
anybody help me with this?

Alex
-- 
Mail: Alex Page <alex.page@cancer.org.uk>
Real: Systems/Network Assistant, Epidemiology Unit, Oxford
Tel:  01865 302 223 (external) / 223 (internal)
PGP:  8868 21D7 3D35 DD77 9D06  BF0A 0746 2DE6 55EA 367E

$ ldapsearch -H ldaps://halcyon.ox.icnet.uk/ -D 'cn=admin,dc=ox,dc=icnet,dc=uk' -x -W -d 69
ldap_create
ldap_url_parse_ext(ldaps://halcyon.ox.icnet.uk/)
Enter LDAP Password: 
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: halcyon.ox.icnet.uk
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 143.65.27.48:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_int_sasl_open: host=halcyon.ox.icnet.uk
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 43 bytes to sd 3
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: halcyon.ox.icnet.uk  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Mon Oct 20 10:28:41 2003

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid 1, all 1
ber_get_next
ldap_perror
ldap_bind: Can't contact LDAP server

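
Added example (not part of the original message): the trace above shows the connection to port 636 listed as Connected before the bind fails, so a useful first check is which stage actually breaks. This Python function tests name resolution, the TCP connect, and the TLS handshake with certificate and host name verification as separate steps; `probe_ldaps` and its stage labels are hypothetical names, and `cafile` is assumed to be the CA certificate that signed the server's certificate.

```python
import socket
import ssl
import sys


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Return (stage, detail) for the first failing stage, or ("ok", TLS version).

    Stage labels are illustrative names chosen for this example.
    """
    # Stage 1: name resolution, as the client would do for the ldaps:// URL.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))
    family, socktype, proto, _, addr = infos[0]

    # Stage 2: plain TCP connect. Success here only proves the port is reachable.
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except OSError as exc:
        sock.close()
        return ("tcp_connect", str(exc))

    # Stage 3: TLS handshake, verifying the chain against cafile (or the system
    # store) and the certificate name against the host name we dialled.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except ssl.SSLCertVerificationError as exc:
        sock.close()
        return ("certificate", exc.verify_message)
    except (ssl.SSLError, OSError) as exc:
        # Peer closed or reset the socket, or did not speak TLS on this port.
        sock.close()
        return ("tls_handshake", str(exc))
    with tls:
        return ("ok", tls.version())


if __name__ == "__main__":
    # Usage: python probe.py <host> [cafile]; defaults to localhost.
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    print(probe_ldaps(target, cafile=ca))
```

A "tcp_connect" result points at routing, firewalling or the listener itself; "tls_handshake" means the port accepted the socket but then dropped it or did not answer with TLS; "certificate" means the handshake got as far as verification and the chain or name check failed.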