RE: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
- To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Subject: RE: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
- From: "Amir Saad" <Amir.Saad@bibalex.org>
- Date: Tue, 29 Nov 2005 09:15:26 +0200
- Cc: <OpenLDAP-software@OpenLDAP.org>
- Content-class: urn:content-classes:message
- Thread-index: AcX0Yw0AEstl1XTqSSCMuHL1NOGTdQAUZ7X1
- Thread-topic: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
Thanks for your reply.
I tried the s_server and s_client and both worked together, then I tried to connect to slapd on port 636:
openssl s_client -connect localhost:636 -cert /etc/openldap/ca.crt -key /etc/openldap/ca.key
and this worked too; the s_client got a response from the connection...
After this test, I think OpenSSL works fine, and LDAP works fine without SSL.
Now the question is, why can't I use ldaps?
I hope you can answer me.
Thanks a lot for your time....
Amir Saad
Junior Software Engineer
________________________________
From: Kurt D. Zeilenga [mailto:Kurt@OpenLDAP.org]
Sent: Mon 11/28/2005 11:30 PM
To: Amir Saad
Cc: OpenLDAP-software@OpenLDAP.org
Subject: Re: ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
If you haven't done so already, you should verify that:
s_client -> s_server
works, then if
s_client -> slapd(8)
works. In both cases, be sure to use appropriate s_client
flags to enable server certificate verification. (If you
have questions about how to use s_client or s_server, see
the OpenSSL docs, use OpenSSL support lists.) And then,
if you still have problems, I suggest you enable both client
and server side debugging, rerun your simple authentication
(or just anonymous) bind, and then examine the output for hints.
And you might try 2.2.13 as, IIRC, some of ldapsearch(1)'s
error reporting was improved (though I don't recall if it
would make a difference here).
Kurt
At 01:00 AM 11/27/2005, Amir Saad wrote:
>I use Fedora 4, Heimdal Kerberos, Cyrus-SASL 2.1.19, OpenSSL, OpenLDAP 2.3.11.
>
>I want to use SSL with LDAP but I got the following errors:
>**********************************************************************
>ldapsearch -H ldaps://localhost/ -b cn=BA,dc=demo,dc=mydomain,dc=org
>ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
>
>*Also I tried the following (simple auth):
>
>ldapsearch -H ldaps://localhost/ -b cn=BA,dc=demo,dc=mydomain,dc=org -x
>ldap_bind: Can't contact LDAP server (-1)
>**********************************************************************
>
>The slapd is started using:
> /usr/local/libexec/slapd -u root -f /usr/local/etc/openldap/slapd.conf -h "ldap:/// ldaps:///"
>
>I tried to connect to ldap instead of ldaps and it worked, but I need to use TLS/SSL.
>
>Here is nmap localhost:
>***********************************************************************************************
>PORT STATE SERVICE
>22/tcp open ssh
>25/tcp open smtp
>80/tcp open http
>88/tcp open kerberos-sec
>111/tcp open rpcbind
>389/tcp open ldap
>543/tcp open klogin
>631/tcp open ipp
>636/tcp open ldapssl
>749/tcp open kerberos-adm
>750/tcp open kerberos
>838/tcp open unknown
>913/tcp open unknown
>923/tcp open unknown
>2049/tcp open nfs
>***********************************************************************************************
>
>I added the following two directives to the slapd.conf:
>TLSCertificateFile /0/CA/newcert.pem
>TLSCertificateKeyFile /0/CA/newcert.pem
>
>I added the following directives to the /etc/openldap/ldap.conf:
>TLS_CACERTDIR /etc/openldap/cacerts
>TLS_CACERT /etc/openldap/newcert.pem
>TLS_REQCERT allow
>
>I hope you can help!
>Thanks for your time!
>
>Amir Saad
>Software Engineer
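The check ladder Kurt lays out (s_client -> s_server, then s_client -> slapd, then a debugged bind), as an added example that is not part of this thread and not OpenLDAP's or OpenSSL's own tooling. It is a POSIX shell script that runs s_client with server-certificate verification actually enabled (-CAfile) and reads the "Verify return code" line, rather than passing only -cert/-key, which supplies a client certificate and never checks the server's chain. It then issues the ldapsearch bind with client-side debugging and the client told to demand a verified certificate. Port 6636, the throwaway PKI it generates, the file names and the base DN are assumptions; it needs openssl and, for the bind step, the OpenLDAP client tools.

```shell
#!/bin/sh
# Added example (not code from this thread): the check ladder Kurt describes,
# s_client -> s_server, then s_client -> slapd, then a debug bind, with server
# certificate verification actually enabled via -CAfile. The s_client call in
# the thread passes only -cert/-key (a client certificate) and so never checks
# the server's chain. Ports, paths and names below are assumptions.

# Pull the numeric "Verify return code" out of `openssl s_client` output on
# stdin. 0 means the chain verified against the -CAfile; nothing is printed if
# the handshake never got that far (connection refused, wrong port, ...).
verify_rc() {
  sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | tail -n 1
}

# Succeed only when host:port presents a chain that verifies against cafile.
# Extra arguments go to s_client unchanged (e.g. -servername for SNI hosts).
# This checks the chain, not the hostname; add -verify_hostname (OpenSSL
# 1.1.0+) if you want that checked too.
check_tls_endpoint() {
  host=$1; port=$2; cafile=$3; shift 3
  rc=$(openssl s_client -connect "$host:$port" -CAfile "$cafile" "$@" \
         </dev/null 2>/dev/null | verify_rc)
  [ "$rc" = "0" ]
}

# Throwaway PKI in directory $1: a CA, a server cert issued by it, and a second,
# unrelated CA to prove the negative case really fails.
make_test_pki() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$dir/server.csr" -CA "$dir/ca.crt" \
    -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/server.crt" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other CA" \
    -keyout "$dir/other.key" -out "$dir/other.crt" 2>/dev/null
}

# Step 1: s_client -> s_server on a spare port. The same endpoint must verify
# with the issuing CA and must NOT verify with an unrelated one; if both pass,
# verification is not really on and the test proves nothing.
demo_s_server_roundtrip() {
  port=${1:-6636}
  dir=$(mktemp -d)
  make_test_pki "$dir"
  openssl s_server -accept "$port" -cert "$dir/server.crt" \
    -key "$dir/server.key" -quiet >/dev/null 2>&1 &
  srv=$!
  sleep 1
  if check_tls_endpoint localhost "$port" "$dir/ca.crt"; then
    echo "s_client -> s_server: chain verified against ca.crt"
  else
    echo "s_client -> s_server: verification FAILED with ca.crt"
  fi
  if check_tls_endpoint localhost "$port" "$dir/other.crt"; then
    echo "s_client -> s_server: verified against other.crt (verification is NOT on!)"
  else
    echo "s_client -> s_server: correctly rejected with other.crt"
  fi
  kill "$srv" 2>/dev/null
  rm -rf "$dir"
}

# Step 3: the bind itself, client-side debugging on (-d 1) and the client told
# to demand a verified server certificate instead of "allow", which ignores a
# bad certificate and carries on. LDAPTLS_* environment variables override
# ldap.conf for this one invocation.
ldaps_debug_bind() {
  cafile=$1; base=$2
  LDAPTLS_CACERT="$cafile" LDAPTLS_REQCERT=demand \
    ldapsearch -H ldaps://localhost/ -x -b "$base" -s base -d 1 '(objectClass=*)'
}

# Usage:
#   sh tls-check.sh demo [port]                                 # step 1
#   sh tls-check.sh slapd ca.crt                                # step 2 (slapd on 636)
#   sh tls-check.sh bind ca.crt "dc=demo,dc=mydomain,dc=org"   # step 3
case "${1-}" in
  demo)  demo_s_server_roundtrip "${2-6636}" ;;
  slapd) check_tls_endpoint localhost 636 "${2:?ca file}" \
           && echo "s_client -> slapd: chain verified" ;;
  bind)  ldaps_debug_bind "${2:?ca file}" "${3:?base DN}" ;;
esac
```

Two things to keep in mind when reading the results. First, the CA file handed to -CAfile (and to TLS_CACERT in ldap.conf) must be the certificate that issued the server certificate, or the server certificate itself only if it is self-signed; with anything else the chain cannot verify. Second, TLS_REQCERT demand (the ldap.conf default) turns a failed verification into a reported error, whereas allow ignores a bad certificate and proceeds, so a bind that fails under allow is failing for some reason other than certificate validation. If step 2 reports a verified chain but the bind still cannot contact the server, Kurt's advice applies: run slapd with its own debugging (slapd -d 1) alongside the -d 1 ldapsearch and compare what each side logs for the connection.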