Re: ldapsearch and TLS
Hi,
Chris Majewski <majewski@cs.ubc.ca> writes:
> I'm trying to do an ldapsearch (or add, or modify, or anything...) on
> a server that's doing TLS. Here's what happens:
>
> ldapsearch -h localhost -v -Z -D "uid=me,ou=People,o=cs.ubc.ca" -LLL \
> -b "uid=someonelse,ou=People,o=cs.ubc.ca"
> ldap_init( localhost, 0 )
> ldap_start_tls: Connect error
> ldap_sasl_interactive_bind_s: Can't contact LDAP server
>
> Here's what the server logs say (-d 1023). Any idea what's going
> wrong? The manpages, as usual, incorrectly assume that I already know
> what I'm doing.
[...]
> TLS trace: SSL_accept:before/accept initialization
> tls_read: want=11, got=11
> 0000: 30 3e 02 01 02 63 39 04 00 0a 01 0>...c9....
> TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
> TLS: can't accept.
> TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:585
> connection_read(12): TLS accept error error=-1 id=278, closing
> connection_closing: readying conn=278 sd=12 for close
Have you properly configured slapd.conf, ldap.conf, ldaprc?
Have you created a valid certificate chain?
Did you read this site?
http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html
-Dieter
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
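
Added example (not part of the original message and not OpenLDAP code): the 11 bytes in the quoted tls_read dump start with 0x30, a BER SEQUENCE, rather than a TLS record header, which is the condition the server logs as "unknown protocol". The sketch below classifies the first bytes a TLS-expecting listener received; the function names and the TLS sample are constructed for illustration.

```python
# Added example: classify the first bytes a TLS-expecting listener received.
# Helper names are hypothetical; this is not OpenLDAP code.
LDAP_OPS = {0: "BindRequest", 2: "UnbindRequest", 3: "SearchRequest",
            6: "ModifyRequest", 8: "AddRequest", 10: "DelRequest",
            23: "ExtendedRequest"}

def read_len(buf, i):
    """Decode a definite-form BER length at buf[i]; return (length, next index)."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    if n == 0 or i + 1 + n > len(buf):
        raise ValueError("indefinite or truncated BER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def classify(buf):
    """Return a dict describing what protocol the leading bytes look like."""
    if len(buf) >= 3 and buf[0] == 0x16 and buf[1] == 0x03:
        return {"kind": "tls-handshake"}          # TLS record, content type 22
    if len(buf) >= 3 and buf[0] & 0x80 and buf[2] == 0x01:
        return {"kind": "sslv2-client-hello"}     # 2-byte length, msg type 1
    try:
        if buf[0] != 0x30:                        # LDAPMessage is a SEQUENCE
            return {"kind": "unknown"}
        _, i = read_len(buf, 1)
        if buf[i] != 0x02:                        # messageID is an INTEGER
            return {"kind": "unknown"}
        id_len, i = read_len(buf, i + 1)
        msg_id = int.from_bytes(buf[i:i + id_len], "big")
        tag = buf[i + id_len]                     # protocolOp tag
    except (IndexError, ValueError):
        return {"kind": "unknown"}
    if tag & 0xC0 != 0x40:                        # must be APPLICATION class
        return {"kind": "unknown"}
    op = LDAP_OPS.get(tag & 0x1F, "application-%d" % (tag & 0x1F))
    return {"kind": "ldap-cleartext", "message_id": msg_id, "op": op}

# Bytes copied from the quoted server log (tls_read: want=11, got=11).
LOGGED = bytes.fromhex("30 3e 02 01 02 63 39 04 00 0a 01")
# Constructed sample: the start of a TLS ClientHello record.
TLS_SAMPLE = bytes.fromhex("16 03 01 00 c8 01 00 00 c4 03 03")

if __name__ == "__main__":
    for name, data in (("logged", LOGGED), ("tls", TLS_SAMPLE)):
        print(name, classify(data))
```

On the logged bytes it reports a cleartext SearchRequest with message ID 2, not a TLS handshake.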