
TLS problem



Hi

I am running OpenLDAP 2.4.23 on RHEL6. I can telnet to the server on both ports 389 and 636.
I can do an ldapsearch and an ldapadd without any errors, but I get this error when I start the slapd daemon.

ldap_start_tls_s() failed: Can't contact LDAP server: Transport endpoint is not connected (uri="ldap://ldapserver")
failed to bind to LDAP server ldap://ldapserver: Can't contact LDAP server: Transport endpoint is not connected

When I do an ldapsearch -x -d1 -Z -b 'dc=flamengro,dc=co,dc=za'

I get the following error:

TLS: certificate [CA certificate details omitted here...] is not valid - error -8172:Peer's certificate issuer has been marked as not trusted by the user..
TLS: error: connect - force handshake failure: errno 0 - moznss error -8172
TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user..
ldap_err2string
ldap_start_tls: Connect error (-11)
    additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user

Any help will be appreciated.

This is my slapd.conf file

# slapd.conf as posted. Review comments are added at column 0 only, and only
# between complete directives: slapd.conf treats a line that begins with
# whitespace as a continuation of the previous directive.
# Schema includes.
include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/duaconf.schema
include         /etc/openldap/schema/dyngroup.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/java.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/ppolicy.schema
include         /etc/openldap/schema/collective.schema
# Permits LDAPv2 binds. LDAPv2 is obsolete; drop this unless a legacy client
# still needs it.
allow bind_v2
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
# Global TLS settings. Only the server's own certificate and key are listed;
# there is no TLSCACertificateFile (or TLSCACertificatePath) naming the CA that
# issued slapdcert.pem. The error quoted in the message ("Peer's certificate
# issuer has been marked as not trusted", NSS -8172) is raised on the client
# side: the client does not trust the issuer of this certificate. Fix it on the
# client by pointing TLS_CACERT / TLS_CACERTDIR in /etc/openldap/ldap.conf at
# the issuing CA certificate (the message shows a MozNSS build, so on RHEL6
# that may be an NSS certificate database directory rather than a PEM file).
# If slapdcert.pem is self-signed, that certificate itself is the one the
# client has to trust.
TLSCipherSuite          HIGH
TLSCertificateFile      /etc/pki/tls/certs/slapdcert.pem
# The private key is stored under the certs/ directory; it must be readable
# only by the user slapd runs as (the file mode is not visible here - verify).
TLSCertificateKeyFile   /etc/pki/tls/certs/slapdkey.pem
# "never": clients are not asked for a certificate, so all authentication is
# by simple bind over the TLS session; the userPassword ACL is what protects
# those credentials at rest.
TLSVerifyClient         never
database        bdb
suffix          "dc=flamengro,dc=co,dc=za"
checkpoint      1024 15
rootdn          "cn=Manager,dc=flamengro,dc=co,dc=za"
# Cleartext rootpw. Replace with a hash generated by slappasswd (e.g. an
# {SSHA} value), and keep slapd.conf readable only by root and the slapd user:
# the rootdn bypasses every ACL below. Rotate the value if "secret" is the one
# actually in use, since this file has now been posted.
rootpw                secret
directory       /var/lib/ldap/flamengro
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
database monitor
# allow only rootdn to read the monitor
access to *
        by dn.exact="cn=Manager,dc=flamengro,dc=co,dc=za" read
        by * none
# NOTE(review): both access directives come after "database monitor", so they
# apply to the monitor database only. The bdb database holding
# dc=flamengro,dc=co,dc=za has no access directive of its own and falls back
# to slapd's built-in default, which lets anyone read everything - including
# userPassword. If this ACL is meant to protect the user data, move it (and
# any ACL intended for the directory) above "database monitor", into the bdb
# section - confirm that is the intent.
access to attrs=userPassword,shadowLastChange
        by anonymous auth
        by self write
        by * none

I


begin:vcard
fn:Chris du Preez
n:du Preez;Chris
org:Flamengro
adr:;;;Pretoria;;;RSA
tel;work:+27 (0)124282989
tel;fax:+27 (0)124282061
tel;cell:+27 (0)836337420
version:2.1
end:vcard