[Date Prev][Date Next] [Chronological] [Thread] [Top]

ldapsearch and TLS

To: openldap-software@OpenLDAP.org
Subject: ldapsearch and TLS
From: Chris Majewski <majewski@cs.ubc.ca>
Date: Mon, 15 Mar 2004 15:49:59 -0800
User-agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.2 (gnu/linux)

I'm trying to do an ldapsearch  (or add, or modify, or anything...) on
a server that's doing TLS. Here's what happens:

ldapsearch -h localhost -v -Z -D "uid=me,ou=People,o=cs.ubc.ca" -LLL \
 -b "uid=someonelse,ou=People,o=cs.ubc.ca" 
ldap_init( localhost, 0 )
ldap_start_tls: Connect error
ldap_sasl_interactive_bind_s: Can't contact LDAP server

Here's  what the  server logs  say (-d  1023). Any  idea  what's going
wrong? The manpages, as usual,  incorrectly assume that I already know
what I'm doing. 

-chris

daemon: activity on 1 descriptors
daemon: new connection on 12
daemon: conn=278 fd=12 connection from IP=127.0.0.1:48659 (IP=0.0.0.0:389) accepted.
daemon: added 12r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 12r
daemon: read activity on 12
connection_get(12)
connection_get(12): got connid=278
connection_read(12): checking for input on id=278
ber_get_next
ldap_read: want=1, got=1
  0000:  30                                                 0                 
ldap_read: want=1, got=1
  0000:  1d                                                 .                 
ldap_read: want=29, got=29
  0000:  02 01 01 77 18 80 16 31  2e 33 2e 36 2e 31 2e 34   ...w...1.3.6.1.4  
  0010:  2e 31 2e 31 34 36 36 2e  32 30 30 33 37            .1.1466.20037     
ber_get_next: tag 0x30 len 29 contents:
ber_dump: buf=0x081bf0c8 ptr=0x081bf0c8 end=0x081bf0e5 len=29
  0000:  02 01 01 77 18 80 16 31  2e 33 2e 36 2e 31 2e 34   ...w...1.3.6.1.4  
  0010:  2e 31 2e 31 34 36 36 2e  32 30 30 33 37            .1.1466.20037     
ber_get_next
ldap_read: want=1 error=Resource temporarily unavailable
ber_get_next on fd 12 failed errno=11 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({a) ber:
ber_dump: buf=0x081bf0c8 ptr=0x081bf0cb end=0x081bf0e5 len=26
  0000:  77 18 80 16 31 2e 33 2e  36 2e 31 2e 34 2e 31 2e   w...1.3.6.1.4.1.  
  0010:  31 34 36 36 2e 32 30 30  33 37                     1466.20037        
do_extended: oid=1.3.6.1.4.1.1466.20037
send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 12
  0000:  30 0c 02 01 01 78 07 0a  01 00 04 00 04 00         0....x........    
ldap_write: want=14, written=14
  0000:  30 0c 02 01 01 78 07 0a  01 00 04 00 04 00         0....x........    
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: select: listen=7 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 12r
daemon: read activity on 12
connection_get(12)
connection_get(12): got connid=278
connection_read(12): checking for input on id=278
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=11
  0000:  30 3e 02 01 02 63 39 04  00 0a 01                  0>...c9....       
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:585
connection_read(12): TLS accept error error=-1 id=278, closing
connection_closing: readying conn=278 sd=12 for close
connection_close: conn=278 sd=12
daemon: removing 12
conn=-1 fd=12 closed
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL

Follow-Ups:
- Re: ldapsearch and TLS
  - From: Dieter Kluenter <dieter@dkluenter.de>
- Re: ldapsearch and TLS
  - From: D.M.Lewney@sussex.ac.uk (Dave Lewney)
- Re: ldapsearch and TLS
  - From: Tony Earnshaw <tonye@billy.demon.nl>

Prev by Date: LDAP_ERROR:0x44
Next by Date: Upgrade steps from 2.1.x to 2.2.x
Index(es):
- Chronological
- Thread