Re: Slapd, GNUTLS on Debian/Squeeze
- To: openldap-technical@openldap.org
- Subject: Re: Slapd, GNUTLS on Debian/Squeeze
- From: Reinaldo de Carvalho <reinaldoc@gmail.com>
- Date: Fri, 20 May 2011 14:48:22 -0300
- In-reply-to: <20110520114000.GB18978@nowhere.eden>
- References: <20110520095005.GP7489@nowhere.eden> <201105201304.52784.bgmilne@staff.telkomsa.net> <20110520114000.GB18978@nowhere.eden>
On Fri, May 20, 2011 at 8:40 AM, David Dumortier <d.dumortier@free.fr> wrote:
>> With what command-line arguments/options (specifically, what values provided
>> to -h option)?
>
> cat /etc/default/slapd :
> SLAPD_SERVICES="ldapi:/// ldaps:///"
>
This enables only the SSL port (636); TLS on 389 isn't available.
>> Before doing this, did you verify that slapd is actually listening for ldaps
>> on port 636?
>>
>> I suspect you are running ldap:// on port 636.
>
> ldapsearch -W -H ldap://myip:636/
> ldap_result: Can't contact LDAP server (-1)
>
No, -H ldaps://myip:636/ (for SSL/ldaps).
> ldapsearch -W -H ldaps://myip/
> TLS: can't connect: Error in the push function..
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
No, this will connect on the default port 389 with SSL/ldaps, which isn't what you want.
> ldapsearch -ZZW -H ldaps://myip/
> TLS: can't connect: Error in the push function..
> ldap_start_tls: Can't contact LDAP server (-1)
> additional info: Error in the push function.
>
No, you need to choose TLS (-Z) or SSL (-H ldaps://...), not both.
--
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net
"While not fully understand a software, don't try to adapt this
software to the way you work, but rather yourself to the way the
software works" (myself)
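
An added example, not part of the original message: a POSIX shell check of a client URI and StartTLS choice against the SLAPD_SERVICES value quoted in the thread. The function names are hypothetical, and the default ports (389 for ldap://, 636 for ldaps://) are assumptions of this example.

```shell
#!/bin/sh
# Added example: match an ldapsearch-style URI and -Z/-ZZ choice against SLAPD_SERVICES.
# Assumed default ports: 389 for ldap://, 636 for ldaps://. IPv6 literals are not handled.
url_scheme() { printf '%s\n' "${1%%://*}"; }

# url_port URL -> prints the explicit port, else the default for the scheme
url_port() {
    hostport=${1#*://}; hostport=${hostport%%/*}
    case $hostport in
        *:*) printf '%s\n' "${hostport##*:}" ;;
        *)   case $(url_scheme "$1") in
                 ldaps) echo 636 ;;
                 ldap)  echo 389 ;;
                 *)     echo - ;;          # ldapi is a Unix socket, no TCP port
             esac ;;
    esac
}

# check_client SERVICES URI STARTTLS(yes|no) -> prints a verdict, returns 0 if usable
check_client() {
    services=$1 uri=$2 starttls=$3
    scheme=$(url_scheme "$uri"); port=$(url_port "$uri")
    if [ "$scheme" = ldaps ] && [ "$starttls" = yes ]; then
        echo "conflict: ldaps:// is already TLS; drop -Z/-ZZ"; return 1
    fi
    mode="no TLS"
    [ "$scheme" = ldaps ] && mode="TLS from connect"
    [ "$starttls" = yes ] && mode="StartTLS"
    for l in $services; do
        [ "$(url_port "$l")" = "$port" ] || continue
        lscheme=$(url_scheme "$l")
        if [ "$lscheme" != "$scheme" ]; then
            echo "mismatch: $scheme:// client, $lscheme:// listener on port $port"; return 1
        fi
        echo "ok: $scheme:// on port $port ($mode)"; return 0
    done
    echo "no-listener: nothing in SLAPD_SERVICES on port $port"; return 1
}

SERVICES="ldapi:/// ldaps:///"                            # value quoted in the thread
check_client "$SERVICES" ldap://myip:636/ no   || true    # plain LDAP sent to the ldaps port
check_client "$SERVICES" ldap://myip/ yes      || true    # StartTLS needs an ldap:/// listener
check_client "$SERVICES" ldaps://myip:636/ yes || true    # both TLS mechanisms requested
check_client "$SERVICES" ldaps://myip:636/ no  || true    # consistent with the listener
```

A configuration-level "ok" only means scheme, port and TLS mode line up; certificate or key problems on the server can still make the handshake fail.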