Re: Bind failing under ssl
I have confirmed that this is an issue with the bind and not with the
ssl. I used the OpenSSL test client and the entire ssl portion of the
protocol conversation worked as advertised (there were no self-signed
certs in the mix either). For some reason, slapd will not bind to the
rootdn and rootpw (I have not tried to use regular users yet) when
running under ssl. Is there something I am missing here?
Tom
Thomas Bolioli wrote:
>When I connect to my ldap server using plain ol' 389 everything works
>just dandy. When I connect to it via ssl, the connection is made, ssl
>appears to handshake, but the bind fails. Below are the slapd logs. Any
>ideas with this one? I have added in a valid ca cert and have a valid
>wildcard cert.
>It seems to be a pretty popular problem around these parts but no one
>seems to have posted a solution.
>Thanks
>Tom
>
># To allow TLS-enabled connections, create /etc/ssl/openldap/ldap.pem
># and uncomment the following lines.
>TLSRandFile /dev/random
>TLSCipherSuite HIGH:MEDIUM:+SSLv2
>TLSCertificateFile /etc/ssl/openldap/ldap.pem
>TLSCertificateKeyFile /etc/ssl/openldap/ldap.pem
>TLSCACertificatePath /etc/ssl/
>TLSCACertificateFile /etc/ssl/cacert.pem
>#TLSCACertificateFile /etc/ssl/openldap/ldap.pem
>TLSVerifyClient never # ([never]|allow|try|demand)
>
>Apr 25 16:06:07 nova slapd[3670]: daemon: activity on 1 descriptors
>Apr 25 16:06:07 nova slapd[3670]: daemon: new connection on 12
>Apr 25 16:06:07 nova slapd[3670]: conn=1 fd=12 ACCEPT from
>IP=209.6.223.56:32985 (IP=0.0.0.0:636)
>Apr 25 16:06:07 nova slapd[3670]: daemon: added 12r
>Apr 25 16:06:07 nova slapd[3670]: daemon: activity on:
>Apr 25 16:06:07 nova slapd[3670]:
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=6
>active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=7
>active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=8
>active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=9
>active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: activity on 1 descriptors
>Apr 25 16:06:07 nova slapd[3670]: daemon: activity on:
>Apr 25 16:06:07 nova slapd[3670]: 12r
>Apr 25 16:06:07 nova slapd[3670]:
>Apr 25 16:06:07 nova slapd[3670]: daemon: read activity on 12
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=6
>active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=7
>active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=8
>active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=9
>active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: activity on 1 descriptors
>Apr 25 16:06:07 nova slapd[3670]: daemon: activity on:
>Apr 25 16:06:07 nova slapd[3670]: 12r
>Apr 25 16:06:07 nova slapd[3670]:
>Apr 25 16:06:07 nova slapd[3670]: daemon: read activity on 12
>Apr 25 16:06:07 nova slapd[3670]: daemon: removing 12
>Apr 25 16:06:07 nova slapd[3670]: conn=1 fd=12 closed
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=6
>active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=7
>active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=8
>active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=9
>active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: activity on 1 descriptors
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=6
>active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=7
>active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=8
>active_threads=0 tvp=NULL
>Apr 25 16:06:07 nova slapd[3670]: daemon: select: listen=9
>active_threads=0 tvp=NULL
>
>
>
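An added triage example, not part of the original thread: it groups slapd log lines by `conn=` id and reports whether each connection ever logged a BIND request and what the bind result was. The `conn=1` sample lines mirror the log quoted above with the mail line-wrapping undone; `conn=2`, its DN and address are constructed for contrast, the `op=N BIND` / `RESULT tag=97 err=N` line shapes are assumed to be slapd's stats-level format, and the names `summarize` and `verdict` are hypothetical.

```python
import re

# Constructed sample. conn=1 mirrors the quoted log (unwrapped);
# conn=2 is an invented connection that does reach a BIND.
SAMPLE_LOG = """\
Apr 25 16:06:07 nova slapd[3670]: conn=1 fd=12 ACCEPT from IP=209.6.223.56:32985 (IP=0.0.0.0:636)
Apr 25 16:06:07 nova slapd[3670]: daemon: read activity on 12
Apr 25 16:06:07 nova slapd[3670]: conn=1 fd=12 closed
Apr 25 16:07:10 nova slapd[3670]: conn=2 fd=13 ACCEPT from IP=192.0.2.10:40000 (IP=0.0.0.0:636)
Apr 25 16:07:10 nova slapd[3670]: conn=2 op=0 BIND dn="cn=Manager,dc=example,dc=com" method=128
Apr 25 16:07:10 nova slapd[3670]: conn=2 op=0 RESULT tag=97 err=49 text=
Apr 25 16:07:10 nova slapd[3670]: conn=2 fd=13 closed
"""

CONN = re.compile(r"slapd\[\d+\]: conn=(\d+) (.*)$")
ACCEPT = re.compile(r"fd=\d+ ACCEPT from IP=(\S+) \(IP=(\S+)\)")
OP = re.compile(r"op=\d+ (\w+)")
BIND_RESULT = re.compile(r"\btag=97 err=(\d+)")  # tag=97 is the LDAP BindResponse

def summarize(log_text):
    """Return {conn_id: {peer, listener, ops, bind_err, closed}}."""
    conns = {}
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue  # "daemon: select/activity" lines carry no conn id
        cid, rest = int(m.group(1)), m.group(2)
        c = conns.setdefault(cid, {"peer": None, "listener": None,
                                   "ops": [], "bind_err": None, "closed": False})
        if (a := ACCEPT.match(rest)):
            c["peer"], c["listener"] = a.groups()
        elif (o := OP.match(rest)):
            c["ops"].append(o.group(1))
            if (e := BIND_RESULT.search(rest)):
                c["bind_err"] = int(e.group(1))
        elif rest.endswith("closed"):
            c["closed"] = True
    return conns

def verdict(c):
    """One-line status for a connection record from summarize()."""
    if "BIND" not in c["ops"]:
        return "closed with no BIND logged" if c["closed"] else "open, no BIND yet"
    if c["bind_err"] is None:
        return "bind sent, no result logged"
    return "bind ok" if c["bind_err"] == 0 else f"bind rejected err={c['bind_err']}"

if __name__ == "__main__":
    for cid, c in sorted(summarize(SAMPLE_LOG).items()):
        print(f"conn={cid} peer={c['peer']} listener={c['listener']}: {verdict(c)}")
```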