Problem with tls connections - openldap-software

4 Sep 2008


      Hello,
i have a problem with tls connections to my openldap server.
The openldap server is running on debian. I created all certificates 
with openssl. If I use ldapsearch on the server (SASL//EXTERNAL mech/) 
everything works fine, but if i try to connect with jxplorer, 
ldapbrowser (softera), eclipse (apache directoy), or with the examples 
from jldap, i always got the same error: 
javax.net.ssl.SSLHandshakeException: Remote host closed connection 
during handshake
This is the log from the openldap server.
Sep  5 08:18:33 domain slapd[1770]: slapd starting
Sep  5 08:18:33 domain slapd[1770]: daemon: added 4r listener=(nil)
Sep  5 08:18:33 domain slapd[1770]: daemon: added 6r listener=0x8129238
Sep  5 08:18:33 domain slapd[1770]: daemon: added 7r listener=0x8129300
Sep  5 08:18:33 domain slapd[1770]: daemon: select: listen=6 
active_threads=0 tvp=NULL
Sep  5 08:18:33 domain slapd[1770]: daemon: select: listen=7 
active_threads=0 tvp=NULL
Sep  5 08:20:46 domain slapd[1770]: daemon: activity on 1 descriptor
Sep  5 08:20:46 domain slapd[1770]: >>> slap_listener(ldap:///)
Sep  5 08:20:46 domain slapd[1770]: daemon: listen=7, new connection on 12
Sep  5 08:20:46 domain slapd[1770]: daemon: added 12r (active) 
listener=(nil)
Sep  5 08:20:46 domain slapd[1770]: conn=0 fd=12 ACCEPT from 
IP=192.168.0.2:2578 (IP=0.0.0.0:389)
Sep  5 08:20:46 domain slapd[1770]: daemon: select: listen=6 
active_threads=0 tvp=NULL
Sep  5 08:20:46 domain slapd[1770]: daemon: select: listen=7 
active_threads=0 tvp=NULL
Sep  5 08:20:46 domain slapd[1770]: daemon: activity on 1 descriptor
Sep  5 08:20:46 domain slapd[1770]: daemon: activity on:
Sep  5 08:20:46 domain slapd[1770]:  12r
Sep  5 08:20:46 domain slapd[1770]: Sep  5 08:20:46 domain slapd[1770]: 
daemon: read activity on 12
Sep  5 08:20:46 domain slapd[1770]: connection_get(12)
Sep  5 08:20:46 domain slapd[1770]: connection_get(12): got connid=0
Sep  5 08:20:46 domain slapd[1770]: connection_read(12): checking for 
input on id=0
Sep  5 08:20:46 domain slapd[1770]: ber_get_next on fd 12 failed errno=0 
(Success)
Sep  5 08:20:46 domain slapd[1770]: connection_read(12): input error=-2 
id=0, closing.
Sep  5 08:20:46 domain slapd[1770]: connection_closing: readying conn=0 
sd=12 for close
Sep  5 08:20:46 domain slapd[1770]: connection_close: conn=0 sd=-1
Sep  5 08:20:46 domain slapd[1770]: daemon: removing 12
Sep  5 08:20:46 domain slapd[1770]: conn=0 fd=12 closed (connection lost)
Sep  5 08:20:46 domain slapd[1770]: daemon: select: listen=6 
active_threads=0 tvp=NULL
Sep  5 08:20:46 domain slapd[1770]: daemon: select: listen=7 
active_threads=0 tvp=NULL
Sep  5 08:20:46 domain slapd[1770]: daemon: activity on 1 descriptor
Sep  5 08:20:46 domain slapd[1770]: daemon: waked
Sep  5 08:20:46 domain slapd[1770]: daemon: select: listen=6 
active_threads=0 tvp=NULL
Sep  5 08:20:46 domain slapd[1770]: daemon: select: listen=7 
active_threads=0 tvp=NULL
What the meaning of the two lines
ber_get_next on fd 12 failed errno=0 (Success)
connection_read(12): input error=-2 id=0, closing.
Sorry for my bad english.
thx for help.
Any help or pointers would be appreciated.
Thanks.
Norman