
Re: Can't contact LDAP server (-1) additional info: error:14077410:SSL routines :SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure



On Sat, Nov 22, 2014 at 01:18:18PM +0100, Ferenc Wagner wrote:

> Date: Sat, 22 Nov 2014 13:18:18 +0100
> From: Ferenc Wagner <wferi@niif.hu>
> To: wailok tam <wailoktam@yahoo.com>
> Cc: openldap-technical@openldap.org
> Subject: Re: Can't contact LDAP server (-1) additional info:
>  error:14077410:SSL routines :SSL23_GET_SERVER_HELLO:sslv3 alert handshake
>  failure
> Sender: openldap-technical <openldap-technical-bounces@openldap.org>
> 
> wailok tam <wailoktam@yahoo.com> writes:
> 
> > ldapmodify -x -W -D 'cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp'
> > Enter LDAP Password:
> > ldap_bind: Can't contact LDAP server (-1) additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
> 
> Maybe you want to use SSLv3, and the server does not support it?

I suspect that the ldap.conf file has a URL of the form ldaps://<server>
but the config fragment we saw did not have any TLS config so ldaps: will
not work.

Quick test:

	ldapmodify -x -H ldap://<server>/ -W -D 'cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp'

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
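
A way to check for the mismatch suspected above (client URI says ldaps: while the server config carries no TLS settings), added here as an example and not part of the original message. It assumes the server is configured through a slapd.conf-style file; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: compares the URI scheme in a client ldap.conf with the
# TLS directives present in a slapd.conf-style server config.

# Print the scheme of every URL on the URI line(s) of an ldap.conf file.
# Commented-out lines start with "#" and therefore never match "uri".
client_uri_schemes() {
    awk 'tolower($1) == "uri" {
             for (i = 2; i <= NF; i++) { split($i, p, ":"); print tolower(p[1]) }
         }' "$1"
}

# Succeed only if the server config names both a certificate and a key.
server_has_tls() {
    grep -Eiq '^[[:space:]]*TLSCertificateFile[[:space:]]+[^[:space:]]' "$1" &&
    grep -Eiq '^[[:space:]]*TLSCertificateKeyFile[[:space:]]+[^[:space:]]' "$1"
}

# Print "mismatch" when the client asks for ldaps: but the server config
# has no certificate/key pair, otherwise "ok".
check_ldaps_mismatch() {
    if client_uri_schemes "$1" | grep -qx ldaps && ! server_has_tls "$2"; then
        echo "mismatch"
    else
        echo "ok"
    fi
}

# Constructed sample input (hypothetical host and suffix).
tmp=$(mktemp -d)
printf '%s\n' 'BASE dc=example,dc=com' \
              'URI  ldaps://ldap.example.com/' > "$tmp/ldap.conf"
printf '%s\n' 'include /etc/openldap/schema/core.schema' \
              'database bdb' \
              'suffix "dc=example,dc=com"' > "$tmp/slapd.conf"

check_ldaps_mismatch "$tmp/ldap.conf" "$tmp/slapd.conf"
```

A "mismatch" result only says the two files disagree; whether slapd is actually listening on an ldaps: URL depends on how it was started.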