Dear all,
I have been experimenting with LDAP for 2 months now. I had a test RedHat V4 linux workstation 32-bit where I downloaded the most recent Red Hat rpms and installed openldap and made it work with SSL. The clients are 7 iMacs running OSX 10.4. The recommended tests went fine for the most part (except I can't change user passwds). But I had some very happy users, being able to make the best of both worlds.
Then I decided to install LDAP with the same procedure on the production server, again RH V4, Enterprise 64-bit. While I could get it to work without SSL, I am having a hard time enabling SSL. On the linux ldap server when I do:
openssl s_client -connect localhost:636 -showcerts -state -CAfile /usr/share/ssl/certs/slapd.pem
I get
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
18203:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
i get the same result with the ldap service stopped on started.
I have used the same slapd.conf file in both cases. The rpms are the same, the ssl rpms are the same, from what I can tell, the cyrus-sasl is the same.
Could anyone shed some light here? That would be most appreciated.
Many thanks,
kiriaki
> i get the same result with the ldap service stopped on started.
Well, that doesn't make much sense. (I assume you mean "stopped or started," and a stopped slapd should result in a refused connection.) Are you sure you don't have any firewall/SELinux/etc. in the way?
Regardless, run slapd with the -d option as described in the Admin Guide (trace level perhaps). Start up a window with the slapd -d and another with your openssl and/or ldapsearch client, and see how/if the slapd process reacts to the incoming packets.
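
Added example, not part of the thread: a small Python probe that separates the cases the reply distinguishes on port 636 (nothing listening, packets dropped, something accepting the connection without speaking TLS, or a working TLS listener). The function name probe_ldaps and its result labels are made up for this example.

```python
import socket
import ssl


def probe_ldaps(host, port=636, cafile=None, timeout=3.0):
    """Classify what answers on the LDAPS port.

    "refused"       nothing is listening (expected while slapd is stopped)
    "no-answer"     TCP connect timed out (a packet filter may be dropping it)
    "tls-failed"    TCP connect worked but no TLS handshake completed
    "tls-untrusted" TLS is spoken, but the certificate did not verify
    "tls-ok"        handshake completed and the certificate verified
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "no-answer"

    # Certificate verification stays on; cafile plays the role of -CAfile.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls-ok"
    except ssl.SSLCertVerificationError:
        return "tls-untrusted"
    except (ssl.SSLError, OSError):
        # EOF, reset or timeout during the handshake: the peer accepted the
        # connection but is not a TLS server (or gave up on the handshake).
        return "tls-failed"
    finally:
        sock.close()


if __name__ == "__main__":
    # Run once with slapd stopped and once with it started, then compare.
    print(probe_ldaps("localhost", 636))
```

If the stopped and started runs both give "tls-failed" rather than "refused" for the stopped one, some other process or filter is answering on the port.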