TLS with self signed certs
I am having issues getting TLS to work. Openldap was installed via RPMs
from http://anorien.csc.warwick.ac.uk/mirrors/buchan/openldap/rhel4/
Here is some output from /var/log/ldap2.3/ldap.log; I can include all the logs
if needed.
Sep 11 16:58:42 jaffa slapd2.3[16942]: daemon: read active on 15
Sep 11 16:58:42 jaffa slapd2.3[16942]: connection_get(15)
Sep 11 16:58:42 jaffa slapd2.3[16942]: connection_get(15): got connid=48
Sep 11 16:58:42 jaffa slapd2.3[16942]: connection_read(15): checking for
input on id=48
Sep 11 16:58:42 jaffa slapd2.3[16942]: connection_read(15): unable to
get TLS client DN, error=49 id=48
Sep 11 16:58:42 jaffa slapd2.3[16942]: conn=48 fd=15 TLS established
tls_ssf=256 ssf=256
Sep 11 16:58:42 jaffa slapd2.3[16942]: daemon: select: listen=7
active_threads=0 tvp=zero
Sep 11 16:58:42 jaffa slapd2.3[16942]: daemon: select: listen=8
active_threads=0 tvp=zero
Sep 11 16:58:42 jaffa slapd2.3[16942]: daemon: select: listen=9
active_threads=0 tvp=zero
Sep 11 16:58:42 jaffa slapd2.3[16942]: daemon: select: listen=10
active_threads=0 tvp=zero
Sep 11 16:58:42 jaffa slapd2.3[16942]: daemon: activity on 1 descriptor
Sep 11 16:58:42 jaffa slapd2.3[16942]: daemon: activity on:
Sep 11 17:09:49 jaffa slapd2.3[16942]: 15r
Sep 11 17:09:49 jaffa slapd2.3[16942]:
Sep 11 17:09:49 jaffa slapd2.3[16942]: daemon: read active on 15
Sep 11 17:09:49 jaffa slapd2.3[16942]: connection_get(15)
Sep 11 17:09:49 jaffa slapd2.3[16942]: connection_get(15): got connid=58
Sep 11 17:09:49 jaffa slapd2.3[16942]: connection_read(15): checking for
input on id=58
Sep 11 17:09:49 jaffa slapd2.3[16942]: connection_read(15): unable to
get TLS client DN, error=49 id=58
Sep 11 17:09:49 jaffa slapd2.3[16942]: conn=58 fd=15 TLS established
tls_ssf=256 ssf=256
Sep 11 17:09:49 jaffa slapd2.3[16942]: daemon: select: listen=7
active_threads=0 tvp=zero
Sep 11 17:09:49 jaffa slapd2.3[16942]: daemon: select: listen=8
active_threads=0 tvp=zero
Sep 11 17:09:49 jaffa slapd2.3[16942]: daemon: select: listen=9
active_threads=0 tvp=zero
Sep 11 17:09:49 jaffa slapd2.3[16942]: daemon: select: listen=10
active_threads=0 tvp=zero
Sep 11 17:09:49 jaffa slapd2.3[16942]: daemon: activity on 1 descriptor
Sep 11 17:09:49 jaffa slapd2.3[16942]: daemon: activity on:
Sep 11 17:09:49 jaffa slapd2.3[16942]: 15r
Sep 11 17:09:49 jaffa slapd2.3[16942]:
Sep 11 17:09:49 jaffa slapd2.3[16942]: daemon: read active on 15
Sep 11 17:09:49 jaffa slapd2.3[16942]: connection_get(15)
Sep 11 17:09:49 jaffa slapd2.3[16942]: connection_get(15): got connid=58
Sep 11 17:09:49 jaffa slapd2.3[16942]: connection_read(15): checking for
input on id=58
Sep 11 17:09:49 jaffa slapd2.3[16942]: ber_get_next on fd 15 failed
errno=11 (Resource temporarily unavailable)
Sep 11 17:09:49 jaffa slapd2.3[16942]: daemon: select: listen=7
active_threads=0 tvp=zero
Sep 11 17:09:49 jaffa slapd2.3[16942]: daemon: select
-------------------------
Server's slapd.conf file
# Server slapd.conf as posted. Everything before the first `database` line
# is global. Within a section, access rules are tried in the order written
# and the first `access to` whose target matches the entry is the one used.
include /usr/share/openldap2.3/schema/core.schema
include /usr/share/openldap2.3/schema/cosine.schema
include /usr/share/openldap2.3/schema/corba.schema
include /usr/share/openldap2.3/schema/inetorgperson.schema
include /usr/share/openldap2.3/schema/java.schema
include /usr/share/openldap2.3/schema/ppolicy.schema
include /usr/share/openldap2.3/schema/misc.schema
include /usr/share/openldap2.3/schema/nis.schema
include /usr/share/openldap2.3/schema/openldap.schema
include /usr/share/openldap2.3/schema/autofs.schema
include /usr/share/openldap2.3/schema/samba.schema
include /usr/share/openldap2.3/schema/kolab.schema
include /usr/share/openldap2.3/schema/evolutionperson.schema
include /usr/share/openldap2.3/schema/calendar.schema
include /usr/share/openldap2.3/schema/sudo.schema
include /usr/share/openldap2.3/schema/dnszone.schema
include /usr/share/openldap2.3/schema/dhcp.schema
include /etc/openldap2.3/schema/local.schema
# Not shown in the post. Because it is included before the rules below, any
# attribute-level rules it carries (e.g. for userPassword) take effect first.
include /etc/openldap2.3/slapd.access.conf
# NOTE(review): this rule has no attrs= restriction, so `by * read` also
# covers userPassword hashes for every entry under the suffix unless the
# included slapd.access.conf restricts them first. The usual pattern is an
# `access to attrs=userPassword by self write by anonymous auth by * none`
# rule placed ahead of this one.
access to dn.subtree="dc=nasaprs,dc=com"
by self write
by dn="cn=Manager,dc=nasaprs,dc=com" write
by * read
# NOTE(review): same target as the rule above. slapd stops at the first
# matching `access to`, so this rule is never consulted and cn=Replicator
# only gets the `by * read` of the previous rule. Fold the Replicator `by`
# clause into the rule above instead.
access to dn.subtree="dc=nasaprs,dc=com"
by self write
by dn="cn=Replicator,dc=nasaprs,dc=com" write
by * read
pidfile /var/run/ldap2.3/slapd.pid
argsfile /var/run/ldap2.3/slapd.args
modulepath /usr/lib/openldap2.3/
# Both keywords relax defaults: LDAPv2 binds, and anonymous binds that still
# supply a DN. Keep them only while a legacy client needs them; neither is
# required for TLS.
allow bind_v2 bind_anon_dn
# /dev/random blocks when the kernel entropy pool runs low, which can stall
# the first handshakes; /dev/urandom is the usual choice if this directive is
# needed at all on this build.
TLSRandFile /dev/random
# NOTE(review): in OpenSSL cipher-list syntax a leading `+` only moves the
# matching ciphers to the end of the list; it does not exclude them, so
# SSLv2-era ciphers remain on offer. `HIGH` alone (or `HIGH:!SSLv2:!aNULL`)
# is the safer starting point. This is not what breaks TLS here: the log
# excerpt shows the handshake completing (`TLS established tls_ssf=256`).
TLSCipherSuite HIGH:MEDIUM:+SSLv2
# With a self-signed setup, cacert.pem must be the certificate that signed
# servercrt.pem (the self-signed server cert itself if there is no separate
# CA). Clients verify against that same CA cert -- see tls_cacertdir in the
# client ldap.conf.
TLSCertificateFile /etc/openldap2.3/cert/servercrt.pem
TLSCertificateKeyFile /etc/openldap2.3/cert/serverkey.pem
TLSCACertificateFile /etc/openldap2.3/cert/cacert.pem
# -1 enables every debug category, including packet traces. Fine while
# troubleshooting, but very noisy and it records far more than needed in the
# log; lower it once the TLS issue is resolved.
loglevel -1
#######################################################################
# database definitions
#######################################################################
database bdb
suffix "dc=nasaprs,dc=com"
rootdn "cn=Manager,dc=nasaprs,dc=com"
# Value redacted in the post. This line grants full directory access, so the
# file holding it should be readable only by the slapd user.
rootpw {SSHA}encypted secret password
directory /var/lib/ldap2.3
checkpoint 256 5
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Only shadowLastChange gets an attribute-level rule in this database;
# userPassword falls through to the global subtree rules above.
access to attrs=shadowLastChange
by dn="cn=Manager,dc=nasaprs,dc=com" write
by self write
by * read
replogfile /var/lib/ldap2.3/openldap-master-replog
# NOTE(review): the replica binds as the rootdn with a simple bind over plain
# ldap://, so the Manager password crosses the network in clear unless
# `starttls=yes` (or `starttls=critical`) is added to this directive. The
# ACLs above mention cn=Replicator, which suggests a dedicated replication
# identity was intended here. In the real file the two continuation lines
# must begin with whitespace (the paste dropped it); credentials are
# redacted in the post.
replica uri=ldap://clango.ourdomain.com:389
binddn="cn=Manager,dc=nasaprs,dc=com"
bindmethod=simple credentials=secret password
---------------------------------
Client ldap.conf file
# Seed the PRNG if /dev/urandom is not provided
#tls_randfile /var/run/egd-pool
# SSL cipher suite
# See man ciphers for syntax
#tls_ciphers TLSv1
# Client certificate and key
# Use these, if your server requires client authentication.
# No client certificate is configured, and that is fine: the server log line
# "unable to get TLS client DN, error=49" only records that the client sent
# no certificate, and the handshake still completes (`TLS established`).
# The only active directive. For a self-signed server certificate this
# directory must hold the server's CA certificate (cacert.pem on the server,
# or the self-signed cert itself) stored under its OpenSSL hash name
# (c_rehash / `openssl x509 -hash`); otherwise the default TLS_REQCERT
# (demand) rejects the server. Note the path is under /etc/openldap/, not
# the /etc/openldap2.3/ tree the RPMs use -- confirm which ldap.conf the
# failing client actually reads. Install the CA cert here rather than
# relaxing TLS_REQCERT.
tls_cacertdir /etc/openldap/cacerts
-----------------------------------
Any ideas?
Thanks,
-John B