'unary operator expected' error when TLS turned on
- To: <openldap-technical@openldap.org>
- Subject: 'unary operator expected' error when TLS turned on
- From: "John Kane" <john.kane@prodeasystems.com>
- Date: Fri, 29 May 2009 16:11:42 -0500
I've also posted this message on the OpenSSL forum:

I just turned on TLS on my LDAP (per instructions on
http://www.openldap.org/faq/data/cache/185.html). Now all of my Linux
servers (RH EL5) give the following error on login:

    -bash: [: =: unary operator expected

The error goes away when I turn TLS off. I cannot determine what is
causing this error, or even which file contains the error. I've gone
through my LDAP config files and cannot find an issue in any of them.
Other than my cacert.pem and the LDAP config files, are there other
files that are read only when TLS is turned on?

Thanks,
John

I am running OpenLDAP 2.3.43-2.el5 & OpenSSL 0.9.8b-10.el5 (RPMs from
Red Hat, which I am required to use unless I put up a BIG fight).

++++ Here are my configs ++++

I turn on TLS by adding the following in my /etc/ldap.conf (pam/nss
file):

    ssl start_tls
    tls_checkpeer yes
    tls_cacertfile /etc/openldap/cacerts/cacert.pem
    tls_cacertdir /etc/openldap/cacerts/

and have the following in my /etc/openldap/ldap.conf (openldap file):

    HOST 172.25.3.97
    BASE dc=example,dc=net
    TLS_CACERTDIR /etc/openldap/cacerts/
    TLS_REQCERT allow

and my (self-signed) cacert:

    [root@serverx cacerts]# openssl x509 -text -in /etc/openldap/cacerts/cacert.pem
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 0 (0x0)
            Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=US, ST=Utah, O=Bigtime CA, OU=Signers, CN=Integration Root CA/emailAddress=john.smith@myco.com
            Validity
                Not Before: May 28 04:37:13 2009 GMT
                Not After : May 27 04:37:13 2012 GMT
            Subject: C=US, ST=Utah, O=Bigtime CA, OU=Signers, CN=Integration Root CA/emailAddress=john.smith@myco.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Modulus (1024 bit):
                        00:b3:bf:f0:18:5d:7e:57:0a:ce:15:3c:28:2a:81:
                        6d:e6:c5:31:98:7e:cc:09:03:d2:28:f2:33:3e:88:
                        11:5f:7d:e1:18:33:38:7d:f5:fa:9d:89:a8:95:16:
                        08:00:81:08:29:ac:37:b3:b1:2b:f3:20:52:15:d7:
                        19:44:92:9c:45:e7:2e:58:fe:7e:07:d4:1f:5a:ad:
                        59:91:37:84:14:a8:4e:df:54:a2:62:66:38:9b:f0:
                        cf:48:01:68:0d:3a:7c:93:83:02:48:e0:76:a1:5c:
                        f9:05:3b:49:1e:03:9a:fd:ea:ee:79:f7:87:66:96:
                        b0:69:39:e1:e6:1a:bd:9e:0d
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Basic Constraints:
                    CA:FALSE
                Netscape Comment:
                    OpenSSL Generated Certificate
                X509v3 Subject Key Identifier:
                    0B:FB:7D:0B:0D:17:A3:CD:79:02:A3:A3:92:57:15:6F:DE:38:07:3C
                X509v3 Authority Key Identifier:
                    keyid:0B:FB:7D:0B:0D:17:A3:CD:79:02:A3:A3:92:57:15:6F:DE:38:07:3C
        Signature Algorithm: sha1WithRSAEncryption
            28:52:3d:9c:90:d1:89:00:d7:9d:3b:06:a6:32:28:e8:c0:8d:
            9d:5a:0b:79:bb:1a:c9:1a:8d:c6:3a:a5:ec:5d:4c:9f:20:4c:
            c6:1e:41:df:7d:d5:fc:45:09:2b:4b:7c:ff:38:aa:ea:33:a0:
            4a:be:7c:84:7c:58:e8:98:9b:c9:0e:4b:5b:11:c6:28:84:b1:
            3f:bb:30:03:f6:38:40:9f:2d:32:bc:3a:97:b8:6f:fd:aa:9f:
            67:a6:27:07:53:b2:40:41:86:b7:02:f2:6b:07:6f:1b:74:87:
            63:3b:1b:89:13:08:cb:32:f0:3c:3b:5e:d6:df:e3:91:19:86:
            7a:d4
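
The error text quoted in this message is what bash prints when a single-bracket test such as `[ $VAR = value ]` runs with an unquoted expansion that came back empty. The following is an added example, not part of the original message: it reproduces that failure beside the quoted form and scans login scripts for the pattern. The function names and sample lines are constructed, and it is an assumption that the empty value on the poster's hosts is a user or group lookup that fails once TLS is enabled.

```shell
#!/bin/bash
# Added example: constructed login-script lines, not taken from the poster's system.

# unquoted_test VALUE: the pattern that breaks. With VALUE empty the shell
# evaluates `[ = root ]`, reports a test syntax error and returns status > 1.
unquoted_test() {
    [ $1 = root ] 2>/dev/null
}

# quoted_test VALUE: same comparison with the expansion quoted. An empty
# VALUE is still one word, so the test is well-formed (status 0 or 1).
quoted_test() {
    [ "$1" = root ]
}

# scan_login_scripts FILE...: print file:line:text for each single-bracket
# test whose FIRST operand is an unquoted $var, ${var}, $(cmd) or `cmd`.
# `[[ ... ]]` is skipped (no word splitting there); later operands are not checked.
scan_login_scripts() {
    grep -nE '(^|[^[])\[[[:space:]]+!?[[:space:]]*(\$|`)' "$@" /dev/null
}

# write_sample PATH: constructed profile fragment used by the demo below.
write_sample() {
    cat > "$1" <<'EOF'
if [ $USER = root ]; then PS1='# '; fi
if [ "$USER" = root ]; then PS1='# '; fi
if [[ $USER = root ]]; then PS1='# '; fi
if [ `id -un` = root ]; then PS1='# '; fi
EOF
}

# Demo: only sample lines 1 and 4 are reported.
sample=$(mktemp)
write_sample "$sample"
scan_login_scripts "$sample"
rm -f "$sample"
```

On a Red Hat host the files to pass to `scan_login_scripts` are `/etc/profile`, `/etc/profile.d/*.sh`, `/etc/bashrc` and the user's `~/.bash_profile` and `~/.bashrc`; `bash -x -l` traces the same files as they execute.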