At 06:41 PM 10/5/2006, Hai Zaar wrote:
On 10/6/06, Dan O'Reilly dano@process.com wrote:
Using ldapsearch on a VMS system to attempt to do a directory lookup using SSL to a non-OpenLDAP directory on another system. I verified the root CA certificate is correct using:
Any ideas? I've been pulling my hair out over this for a couple weeks now. If I do this same search using port 389 and no SSL it works correctly.
What does slapd log show regarding this connection?
Did you try SSL on port 389 (i.e. StartTLS)? You can imply it by specifying "-ZZZ" and "-p 389".
$ ldapsearch "-ZZZ" -p 389 -d 255 -s base -x -w xxxxxxxx -v "-D" "cn=Administrator,CN=Users,dc=altdomain2000,dc=psccos,dc=com" -b"cn=Users,dc=altdomain2000,dc=psccos,dc=com" -h adtest.altdomain2000.psccos.com "(&(objectclass=user)(sAMAccountName=oreilly))"
ldap_initialize( ldap://adtest.altdomain2000.psccos.com:389 )
ldap_create
ldap_url_parse_ext(ldap://adtest.altdomain2000.psccos.com:389)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP adtest.altdomain2000.psccos.com:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.0.27:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0x0043ba98 ptr=0x0043ba98 end=0x0043bab7 len=31
  0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
  0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ber_scanf fmt ({) ber:
ber_dump: buf=0x0043ba98 ptr=0x0043ba9d end=0x0043bab7 len=26
  0000: 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e w...1.3.6.1.4.1.
  0010: 31 34 36 36 2e 32 30 30 33 37 1466.20037
ber_flush: 31 bytes to sd 3
  0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
  0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ldap_write: want=31, written=31
  0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
ldap_write: want=31, written=31
  0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
  0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ldap_result ld 43B028 msgid 1
ldap_chkResponseList ld 43B028 msgid 1 all 1
ldap_chkResponseList returns ld 43B028 NULL
wait4msg ld 43B028 msgid 1 (infinite timeout)
wait4msg continue ld 43B028 msgid 1 all 1
** ld 43B028 Connections:
* host: adtest.altdomain2000.psccos.com port: 389 (default)
  refcnt: 2 status: Connected
  last used: Thu Oct 5 21:34:49 2006

** ld 43B028 Outstanding Requests:
 * msgid 1, origid 1, status InProgress
   outstanding referrals 0, parent count 0
** ld 43B028 Response Queue:
   Empty
ldap_chkResponseList ld 43B028 msgid 1 all 1
ldap_chkResponseList returns ld 43B028 NULL
ldap_int_select
read1msg: ld 43B028 msgid 1 all 1
ber_get_next
ldap_read: want=8, got=8
  0000: 30 84 00 00 00 16 02 01 0.......
ldap_read: want=20, got=20
  0000: 01 78 84 00 00 00 0d 30 84 00 00 00 07 0a 01 02 .x.....0........
  0010: 04 00 04 00 ....
ber_get_next: tag 0x30 len 22 contents:
ber_dump: buf=0x0043ec68 ptr=0x0043ec68 end=0x0043ec7e len=22
  0000: 02 01 01 78 84 00 00 00 0d 30 84 00 00 00 07 0a ...x.....0......
  0010: 01 02 04 00 04 00 ......
read1msg: ld 43B028 msgid 1 message type extended-result
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x0043ec68 ptr=0x0043ec6b end=0x0043ec7e len=19
  0000: 78 84 00 00 00 0d 30 84 00 00 00 07 0a 01 02 04 x.....0.........
  0010: 00 04 00 ...
read1msg: ld 43B028 0 new referrals
read1msg: mark request completed, ld 43B028 msgid 1
request done: ld 43B028 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_extended_result
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x0043ec68 ptr=0x0043ec6b end=0x0043ec7e len=19
  0000: 78 84 00 00 00 0d 30 84 00 00 00 07 0a 01 02 04 x.....0.........
  0010: 00 04 00 ...
ldap_msgfree
ldap_perror
ldap_start_tls: Decoding error (-4)
------
+-------------------------------+----------------------------------------+
| Dan O'Reilly                  | "There are 10 types of people in this  |
| Principal Engineer            |  world: those who understand binary    |
| Process Software              |  and those who don't."                 |
| http://www.process.com        |                                        |
+-------------------------------+----------------------------------------+
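
Added example, not part of the original thread: a small BER decoder run over the 28 reply bytes shown in the two ldap_read dumps of the trace above. It shows that the StartTLS ExtendedResponse carries resultCode 2 (protocolError in RFC 4511) and that the result fields sit inside an extra SEQUENCE within the 0x78 element, one level deeper than RFC 4511 lays them out. The function names read_tlv and decode_extended_response are made up for this illustration.

```python
# Added example, not from the thread: decode the StartTLS reply seen in the trace.
# REPLY is copied from the two ldap_read hex dumps (8 + 20 bytes).
REPLY = bytes.fromhex(
    "30 84 00 00 00 16 02 01 "
    "01 78 84 00 00 00 0d 30 84 00 00 00 07 0a 01 02 04 00 04 00"
)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length BER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                    # long form: low 7 bits count length octets
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_extended_response(msg):
    """Decode LDAPMessage { messageID, ExtendedResponse } into a dict."""
    tag, body, end = read_tlv(msg, 0)
    if tag != 0x30 or end != len(msg):
        raise ValueError("expected exactly one LDAPMessage SEQUENCE")
    tag, msgid, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER messageID")
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x78:                     # [APPLICATION 24] ExtendedResponse
        raise ValueError("not an ExtendedResponse")
    # RFC 4511 puts resultCode (ENUMERATED, 0x0a) first inside 0x78.
    extra = bool(op) and op[0] == 0x30  # tolerate one extra SEQUENCE wrapper
    if extra:
        _, op, _ = read_tlv(op, 0)
    tag, code, pos = read_tlv(op, 0)
    if tag != 0x0A:
        raise ValueError("expected ENUMERATED resultCode")
    _, matched, pos = read_tlv(op, pos)
    _, diag, pos = read_tlv(op, pos)
    return {"message_id": int.from_bytes(msgid, "big"),
            "result_code": int.from_bytes(code, "big"),
            "extra_sequence": extra,
            "matched_dn": matched, "diagnostic": diag}

if __name__ == "__main__":
    print(decode_extended_response(REPLY))
```
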
On 10/6/06, Dan O'Reilly dano@process.com wrote:
At 06:41 PM 10/5/2006, Hai Zaar wrote:
On 10/6/06, Dan O'Reilly dano@process.com wrote:
Using ldapsearch on a VMS system to attempt to do a directory lookup using SSL to a non-OpenLDAP directory on another system. I verified the root CA certificate is correct using:
Any ideas? I've been pulling my hair out over this for a couple weeks now. If I do this same search using port 389 and no SSL it works correctly.
What does slapd log show regarding this connection?
Ok. So what is there in the slapd logs?
On 10/6/06, Hai Zaar haizaar@gmail.com wrote:
Ok. So what is there in the slapd logs?
As far as I know, he fixed it; I got that reply from him yesterday:
Using the URI keyword in the LDAP.CONF or as a -H option to ldapsearch did the trick.
Thanks!
openldap-software@openldap.org