Hello Quanah,
On 4/12/11 7:28 PM, Quanah Gibson-Mount wrote:
--On Tuesday, April 12, 2011 7:10 PM +0200 Judith Flo Gaya <jflo@imppc.org> wrote:
(I installed a newer version of OpenLDAP on my server, as RH6 uses an old one; I compiled it with TLS and OpenSSL.)
From the client I do: ldapsearch -x -ZZ -d1 -h curri0.imppc.local:636
This is a startTLS request. You are using LDAPS. This will never work.
Try
ldapsearch -x -H ldaps://curri0.imppc.local:636/
instead.
It doesn't work either; it still complains about not being able to contact the server. But now I see a different error:
ldapsearch -x -H ldaps://curri0.imppc.local:636 -d1
ldap_url_parse_ext(ldaps://curri0.imppc.local:636)
ldap_create
ldap_url_parse_ext(ldaps://curri0.imppc.local:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP curri0.imppc.local:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 172.19.5.13:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: could not initialize moznss using security dir /etc/openldap/cacerts - error -8174:Unknown code ___f 18.
TLS: could not add the certificate (null) - error -8192:Unknown code ___f 0.
TLS: error: connect - force handshake failure -1 - error -8054:Unknown code ___f 138
TLS: can't connect: .
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
and this is what the server says:
slap_listener_activate(8):
slap_listener(ldaps://curri0.imppc.local:636)
connection_get(12): got connid=1008
connection_read(12): checking for input on id=1008
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(12): got connid=1008
connection_read(12): checking for input on id=1008
TLS trace: SSL3 alert read:fatal:bad certificate
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate.
connection_read(12): TLS accept failure error=-1 id=1008, closing
connection_close: conn=1008 sd=12
Any clue? The error on the client side seems to indicate that the client is trying to use the NSS from Mozilla, but I never meant to do this; OpenSSL is installed. Thanks a lot for your help. j
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
Zimbra :: the leader in open source messaging and collaboration
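The two traces above carry three separate signals that are easy to conflate when read as one blob: the first command combines `-ZZ` (a StartTLS extended operation, which needs a plaintext LDAP listener) with the LDAPS port; the second run's client output names `moznss`, so this client's libldap is the Mozilla-NSS build, and the raw codes it prints are NSS `SEC_ERROR_BASE` (-0x2000, i.e. -8192) plus the offset shown after `___f`; and the server's `alert read:fatal:bad certificate` means the server received a fatal alert from the client, so it was the client that rejected the server's certificate. The script below is an added triage example (my code, not anything from the thread or from the OpenLDAP project) that pulls those signals out of pasted `ldapsearch -d1` and slapd TLS trace text. It assumes that text as input; the two NSS names it knows come from NSS secerr.h (offset 0 is `SEC_ERROR_IO`, offset 18 is `SEC_ERROR_BAD_DATABASE`), any other offset is reported unmapped, and the finding labels are my own. The sample log text is copied from the thread.

```python
"""Triage ldapsearch/slapd TLS debug output: StartTLS-vs-LDAPS mismatch,
client TLS backend, NSS error codes, and which side rejected the certificate."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# NSS secerr.h: SEC_ERROR_BASE is -0x2000; codes are base + offset.
NSS_SEC_ERROR_BASE = -0x2000
# Offsets this script can name (from secerr.h); others are reported as unmapped.
NSS_SEC_ERROR_NAMES = {0: "SEC_ERROR_IO", 18: "SEC_ERROR_BAD_DATABASE"}

# Finding labels (my own vocabulary) with a one-line explanation each.
EXPLANATIONS = {
    "starttls-on-ldaps-port": "-Z/-ZZ sends a StartTLS extended op, but the endpoint speaks TLS first; "
                              "use ldaps:// without -ZZ, or ldap://host:389 with -ZZ",
    "client-libldap-uses-nss": "client libldap is built on Mozilla NSS (moznss); TLS_CACERTDIR must hold "
                               "an NSS cert database, not just PEM files",
    "nss-certdb-unusable": "SEC_ERROR_BAD_DATABASE: NSS could not open the cert database in the security dir",
    "client-rejected-server-cert": "server read a fatal 'bad certificate' alert, i.e. the client could not "
                                   "verify the server certificate",
}


@dataclass
class TlsTriage:
    starttls_on_tls_port: bool = False
    client_backend: Optional[str] = None        # e.g. "moznss", taken from the client log
    nss_errors: List[Tuple[int, str]] = field(default_factory=list)
    server_alert: Optional[str] = None          # alert the server *read* from the peer
    findings: List[str] = field(default_factory=list)


def decode_nss_error(code: int) -> str:
    """Map a raw NSS error code (e.g. -8174) to its secerr.h name via the base offset."""
    offset = code - NSS_SEC_ERROR_BASE
    return NSS_SEC_ERROR_NAMES.get(offset, f"SEC_ERROR_BASE+{offset} (unmapped)")


def starttls_against_tls_port(cmdline: str) -> bool:
    """True when -Z/-ZZ is combined with an ldaps:// URI or an explicit :636 port."""
    wants_starttls = re.search(r"(?:^|\s)-ZZ?(?:\s|$)", cmdline) is not None
    tls_endpoint = "ldaps://" in cmdline or re.search(r":636(?:/|\s|$)", cmdline) is not None
    return wants_starttls and tls_endpoint


def triage(cmdline: str, client_log: str, server_log: str) -> TlsTriage:
    """Combine the command line, client -d1 output and server TLS trace into findings."""
    t = TlsTriage()
    t.starttls_on_tls_port = starttls_against_tls_port(cmdline)
    if t.starttls_on_tls_port:
        t.findings.append("starttls-on-ldaps-port")
    m = re.search(r"TLS: could not initialize (\w+)", client_log)
    if m:
        t.client_backend = m.group(1)
        if t.client_backend == "moznss":
            t.findings.append("client-libldap-uses-nss")
    for raw in re.findall(r"error (-\d+):", client_log):
        code = int(raw)
        t.nss_errors.append((code, decode_nss_error(code)))
    if any(name == "SEC_ERROR_BAD_DATABASE" for _, name in t.nss_errors):
        t.findings.append("nss-certdb-unusable")
    m = re.search(r"alert read:fatal:([a-z ]+)", server_log)
    if m:
        t.server_alert = m.group(1).strip()
        if t.server_alert == "bad certificate":
            t.findings.append("client-rejected-server-cert")
    return t


# Sample input copied from the thread (trimmed to the TLS-relevant lines).
FIRST_COMMAND = "ldapsearch -x -ZZ -d1 -h curri0.imppc.local:636"
SECOND_COMMAND = "ldapsearch -x -H ldaps://curri0.imppc.local:636 -d1"
CLIENT_LOG = """ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: could not initialize moznss using security dir /etc/openldap/cacerts - error -8174:Unknown code ___f 18.
TLS: could not add the certificate (null) - error -8192:Unknown code ___f 0.
TLS: error: connect - force handshake failure -1 - error -8054:Unknown code ___f 138
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"""
SERVER_LOG = """TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL3 alert read:fatal:bad certificate
TLS: can't accept: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate."""

if __name__ == "__main__":
    for cmd in (FIRST_COMMAND, SECOND_COMMAND):
        result = triage(cmd, CLIENT_LOG if cmd == SECOND_COMMAND else "",
                        SERVER_LOG if cmd == SECOND_COMMAND else "")
        print(cmd)
        for code, name in result.nss_errors:
            print(f"  NSS {code}: {name}")
        for label in result.findings:
            print(f"  [{label}] {EXPLANATIONS[label]}")
```

Run stand-alone it prints one block per command; the first run yields only the StartTLS-on-636 finding, the second decodes the three NSS codes and reports the NSS backend, the unusable cert database and the client-side rejection of the server certificate. The offset for -8054 (138) is left unmapped on purpose rather than guessed.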