Re: Using NSS
- To: openldap-technical@openldap.org
- Subject: Re: Using NSS
- From: Braden McDaniel <braden@endoframe.com>
- Date: Thu, 27 Oct 2011 10:37:49 -0400
- In-reply-to: <20111027032848.GA4396@dan.olp.net>
- References: <1319684004.6318.462.camel@rail.endoframe.net> <20111027032848.GA4396@dan.olp.net>

On Wed, 2011-10-26 at 22:28 -0500, Dan White wrote:
> On 26/10/11 22:53 -0400, Braden McDaniel wrote:
> >I am trying to get OpenLDAP (2.4.24) working with NSS on Fedora 15. In
> >cn=config.ldif I have:
> >
> > olcTLSCACertificatePath: /etc/pki/nssdb
> > olcTLSCertificateFile: endoframe
[snip]
> >Any ideas of what I might be doing wrong, or where I should be looking
> >to debug this?
>
> slapd was not started with the proper options to listen on ldaps:/// (port
> 636).

Thank you. That got me this far:

# ldapsearch -H ldaps://rail -b dc=endoframe,dc=net -x -d1
ldap_url_parse_ext(ldaps://rail)
ldap_create
ldap_url_parse_ext(ldaps://rail:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP rail:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying ::1 636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: file endoframe.pem does not end in [.0] - does not appear to be a CA certificate directory file with a properly hashed file name - skipping.
TLS: error: connect - force handshake failure: errno 0 - moznss error -5938
TLS: can't connect: TLS error -5938:Encountered end of file.
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

I don't understand why it's looking for a file here. My impression from
reading <http://www.openldap.org/faq/data/cache/1514.html> is that the
cert would be pulled from the database.

--
Braden McDaniel <braden@endoframe.com>