[Date Prev][Date Next] [Chronological] [Thread] [Top]

OpenLDAP 2.3.4 TLS negotiation failure



Hi
 
On the LDAP Server , I run following command is ok:
#ldapsearch -x -H ldap://ldap.server.com -ZZ
#ldapsearch -x -H ldap://ldap.server.com
 
But on my client , I run "#ldapsearch -x -H ldap://ldap.server.com", is ok;
Run "#ldapsearch -x -H ldap://ldap.server.com -ZZ" , I get the following error:
 [root@client cacerts]# ldapsearch -x -H ldap://ldap.server.com -ZZ
ldap_start_tls: Connect error (-11)
 
On LDAP Server log file, I get the following error messages:
Oct 23 16:41:25 auth slapd[4213]: conn=206 fd=24 ACCEPT from IP=192.168.9.9:45648 (IP=0.0.0.0:389)
Oct 23 16:41:25 auth slapd[4213]: conn=206 op=0 STARTTLS
Oct 23 16:41:25 auth slapd[4213]: conn=206 op=0 RESULT oid= err=0 text=
Oct 23 16:41:25 auth slapd[4213]: conn=206 fd=24 closed (TLS negotiation failure)
 
My client ldap configuration:
/etc/openldap/ldap.conf file:
BASE dc=server,dc=com
TLS_CACERT /etc/openldap/cacerts/ca.crt
SSL ON
TLS_REQCERT demand
 
/etc/ldap.conf file:
BASE dc=server,dc=com
SSL ON
TLS_CACERT /etc/openldap/cacert/ca.crt
TLS_REQCERT demand
 
Any suggestion what cause TLS negotiation failure?
 
Thanks!

Tian Zhiying