Re: Ldap and TLS
On Fri, Nov 07, 2003 at 02:13:27PM +0200, Bart Bekker wrote:
> I have been trying for days now to get LDAP going with TLS, for use with
> Samba, but something keeps on going wrong at the moment I put the TLS
> options in the slapd.conf file.
It would be useful to see the relevant lines from that file.
> In /var/log/messages I see this:
> Nov 7 13:56:15 linux slapd[31289]: daemon: socket() failed errno=97
> (Address family not supported by protocol)
Ignore that - slapd is trying to bind to an IPv6 address.
> Nov 7 13:56:15 linux slapd[31289]: main: TLS init def ctx failed: -1
OK - certainly a TLS problem there.
> I ran strace and got this:
...
> open("/usr/local/etc/openldap/arcos-cert.pem", O_RDONLY) = 7
> fstat64(7, {st_mode=S_IFREG|0644, st_size=513, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0x40016000
> read(7, "-----BEGIN CERTIFICATE REQUEST--"..., 4096) = 513
Now that might be relevant: it looks as if you have given slapd a
Certificate Signing Request where it actually wants a certificate.
Check the contents of the files that you reference in the config file.
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------
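
The check suggested in the message above, written out as an added example (it is not part of the original post or of OpenLDAP): it reads the TLS file directives from a slapd.conf and reports any file whose PEM header is the wrong kind, such as a certificate request where a certificate is expected. The file names `arcos-key.pem` and `ca-cert.pem` and all file contents are constructed for the demo; only `arcos-cert.pem` comes from the strace output.

```python
import os, re, tempfile

# PEM labels each slapd.conf TLS directive is expected to point at.
EXPECTED = {
    "tlscertificatefile": {"CERTIFICATE"},
    "tlscacertificatefile": {"CERTIFICATE"},
    "tlscertificatekeyfile": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)

def check_slapd_tls(conf_path):
    """Return (directive, path, problem) for every TLS file of the wrong kind."""
    problems = []
    with open(conf_path) as conf:
        for line in conf:
            parts = line.split(None, 1)
            if len(parts) != 2 or parts[0].lower() not in EXPECTED:
                continue  # comments, blank lines and unrelated directives
            directive, path = parts[0], parts[1].strip().strip('"')
            try:
                with open(path, errors="replace") as pem:
                    labels = PEM_BEGIN.findall(pem.read())
            except OSError as exc:
                problems.append((directive, path, f"unreadable: {exc.strerror}"))
                continue
            if not labels:
                problems.append((directive, path, "no PEM block found"))
            elif not set(labels) <= EXPECTED[directive.lower()]:
                problems.append((directive, path, "contains " + ", ".join(labels)))
    return problems

def demo():
    # Constructed files: the PEM bodies are placeholders, only the labels matter.
    pem = "-----BEGIN {0}-----\nQ09OU1RSVUNURUQ=\n-----END {0}-----\n".format
    with tempfile.TemporaryDirectory() as d:
        files = {"arcos-cert.pem": pem("CERTIFICATE REQUEST"),  # the mistake in the post
                 "arcos-key.pem": pem("RSA PRIVATE KEY"),
                 "ca-cert.pem": pem("CERTIFICATE")}
        for name, body in files.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(body)
        conf = os.path.join(d, "slapd.conf")
        with open(conf, "w") as fh:
            fh.write("# constructed sample\n"
                     "TLSCACertificateFile %s/ca-cert.pem\n"
                     "TLSCertificateFile %s/arcos-cert.pem\n"
                     "TLSCertificateKeyFile %s/arcos-key.pem\n" % (d, d, d))
        return [(name, os.path.basename(p), why) for name, p, why in check_slapd_tls(conf)]
```

Calling `check_slapd_tls()` with the path of a real slapd.conf returns an empty list when every referenced file carries the expected PEM label.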