Re: OpenLDAP self-signed certificates issue
- To: Vijay Ganesan <vijay@thoughtspot.com>
- Subject: Re: OpenLDAP self-signed certificates issue
- From: Ryan Tandy <ryan@nardis.ca>
- Date: Mon, 08 Sep 2014 07:13:09 -0700
- Cc: openldap-technical@openldap.org
- In-reply-to: <CAB+CZKBEsGUi2Gxw0OV2He-RCUgtadC=KDU+2Ub1gyEsfuzk3w@mail.gmail.com>
- References: <CAB+CZKBTFvhZgs+qwgaNOq6OHecT1R8bHj5JGFkX62xr5zXy9A@mail.gmail.com> <540CD59A.7050508@nardis.ca> <CAB+CZKBEsGUi2Gxw0OV2He-RCUgtadC=KDU+2Ub1gyEsfuzk3w@mail.gmail.com>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.7.0
On 07/09/14 10:28 PM, Vijay Ganesan wrote:
> But I can't seem to connect using ldaps://localhost:636 using Apache
> Directory Studio client. I get a "Error while opening connection -
> Cannot connect on the server: Connection refused" error.
> I can connect fine using ldap://localhost:389.

Like Udai wrote, ldaps is deprecated, and if possible you should use
STARTTLS on the LDAP port (389) instead. But if you really need ldaps,
then edit /etc/default/slapd, add ldaps:/// to the SLAPD_SERVICES line,
and restart slapd.

> What diagnostics can be run to figure out if TLS is working correctly?

LDAPTLS_CACERT=/path/to/ca.pem ldapwhoami -H ldap://server -x -ZZ

Add '-d1' to see some debugging information, including more detailed
info from the TLS library.
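
Added example, not part of the original message: a shell sketch of the SLAPD_SERVICES check and edit described above, run against a constructed copy of the defaults file. The function names are hypothetical, and it assumes the Debian-style layout where SLAPD_SERVICES is a double-quoted shell assignment.

```shell
#!/bin/sh
# Added example: inspect and update the listener list in a Debian-style
# slapd defaults file. Works on the path given, so it can be tried on a copy.

# Print the SLAPD_SERVICES value as the init script sees it: the file is a
# shell fragment, so source it in a subshell and print the variable.
slapd_services() {
    ( SLAPD_SERVICES=; . "$1" >/dev/null 2>&1; printf '%s\n' "$SLAPD_SERVICES" )
}

# Succeed if a listener URL with the given scheme (ldap, ldaps, ldapi) is set.
has_listener() {
    for url in $(slapd_services "$1"); do
        case $url in "$2"://*) return 0 ;; esac
    done
    return 1
}

# Append ldaps:/// to a double-quoted SLAPD_SERVICES line, once only.
enable_ldaps() {
    has_listener "$1" ldaps && return 0
    sed 's|^\(SLAPD_SERVICES="[^"]*\)"|\1 ldaps:///"|' "$1" > "$1.new" &&
        mv "$1.new" "$1"
}

# Constructed sample standing in for /etc/default/slapd.
demo() {
    f=$(mktemp)
    printf '%s\n' '# constructed sample' \
        'SLAPD_SERVICES="ldap:/// ldapi:///"' > "$f"
    # Without an ldaps:/// entry nothing listens on 636, which shows up as
    # "Connection refused" rather than as a TLS or certificate error.
    has_listener "$f" ldaps || echo "no ldaps listener configured"
    enable_ldaps "$f"
    slapd_services "$f"
    rm -f "$f"
}
demo
```

After the real file is changed and slapd restarted, the ldapwhoami command above remains the check that TLS itself works.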