Hello everyone!
Wrote to openldap-software, but got "Technical details of permanent failure: Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 5.1.1 openldap-software@openldap.org... User unknown (state 14)."
So I'm here.
I'm trying to get OpenLDAP + TLS working on FreeBSD 7.3.
I configured openldap, nss_ldap, ldap.conf and nsswitch.conf; I can ldapsearch it, run "id user", etc.
So when I do "id test" I get uid=5555(test) gid=5555 groups=5555. All OK.
And now I want to add TLS to it.
So I add to slapd.conf
TLSCertificateFile /usr/local/etc/openldap/ssl/ldap.server.ru.crt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/ldap.server.ru.key.pem
TLSCACertificateFile /usr/local/etc/openldap/ssl/rootcrt.pem
In nss_ldap and ldap.conf I add the following:
ssl start_tls
tls_cacertfile /usr/local/etc/openldap/ssl-client/rootcrt.pem
I start slapd with debugging:
/usr/local/libexec/slapd -u ldap -d 1
and when I run "id test" I get
"id: test: no such user"
And slapd debug:
slap_listener_activate(7):
slap_listener(ldap:///)
connection_get(11): got connid=1000
connection_read(11): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
op tag 0x77, time 1284477158
ber_get_next
conn=1000 op=0 do_extended
ber_scanf fmt ({m) ber:
send_ldap_extended: err=0 oid= len=0
send_ldap_response: msgid=1 tag=120 err=0
ber_flush2: 14 bytes to sd 11
connection_get(11): got connid=1000
connection_read(11): checking for input on id=1000
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(11): got connid=1000
connection_read(11): checking for input on id=1000
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_read(11): unable to get TLS client DN, error=49 id=1000
connection_get(11): got connid=1000
connection_read(11): checking for input on id=1000
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
op tag 0x42, time 1284477158
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 11 failed errno=0 (Undefined error: 0)
conn=1000 op=1 do_unbind
connection_close: conn=1000 sd=11
TLS trace: SSL3 alert write:warning:close notify
That's all. What's wrong? Where should I look? What other information should I post here? I do not like this string: "ber_get_next on fd 11 failed errno=0 (Undefined error: 0)", but I do not know what that means.
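An added example (not from the original post or from OpenLDAP) that walks a slapd -d 1 trace like the one above and reports how far the StartTLS exchange got and which side ended the session. The sample trace is a constructed excerpt of the lines quoted in the post; the field names and the interpretation of the "error in ... read client certificate" / "unable to get TLS client DN" markers as "no client certificate was presented" are my assumptions.

```python
import re

# Constructed sample: the relevant lines from the slapd -d 1 trace above.
SAMPLE_TRACE = """\
conn=1000 op=0 do_extended
send_ldap_extended: err=0 oid= len=0
send_ldap_response: msgid=1 tag=120 err=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write finished A
connection_read(11): unable to get TLS client DN, error=49 id=1000
TLS trace: SSL3 alert read:warning:close notify
conn=1000 op=1 do_unbind
"""

def summarize_starttls(trace: str) -> dict:
    """Summarise a StartTLS attempt from slapd -d 1 output (assumed layout)."""
    r = {
        "starttls_accepted": False,    # extended op answered with err=0
        "server_handshake_done": False,  # server wrote its Finished message
        "client_cert_presented": True,  # cleared when slapd cannot get a peer DN
        "early_returns": [],            # states where SSL_accept returned early
        "client_closed": False,         # client sent close_notify or unbind
        "verdict": "",
    }
    for line in trace.splitlines():
        if re.search(r"send_ldap_extended: err=0", line):
            r["starttls_accepted"] = True
        elif "SSL_accept:SSLv3 write finished A" in line:
            r["server_handshake_done"] = True
        elif "unable to get TLS client DN" in line:
            r["client_cert_presented"] = False  # no cert from client; normal without client auth
        elif m := re.search(r"SSL_accept:error in (.+)$", line):
            r["early_returns"].append(m.group(1))  # usually just waiting for client data
        elif "alert read:warning:close notify" in line or "do_unbind" in line:
            r["client_closed"] = True
    if r["server_handshake_done"] and r["client_closed"]:
        r["verdict"] = "server completed TLS; session ended by the client"
    elif not r["server_handshake_done"]:
        r["verdict"] = "handshake did not complete on the server"
    return r
```

Run it over a full debug log and the verdict tells you whether to keep reading on the server side or switch to the client's trace (e.g. ldapsearch -ZZ -d 1).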