On 21.05.25 at 10:48, Nick Milas wrote:
Hello,
I have managed to start the migrated LDAP server on Rocky 9, v2.6.9 LTB.
It seems to be working fine, but I cannot connect over SSL (ldaps, port 636).
I am trying to connect with Apache Directory Studio but it fails, although I am using the same certificate as on the original server (the cert covers both server names).
I have enabled conns logging on the server and I see the connection coming in, but for some reason it fails (input error=-2):
Could you please guide me to troubleshoot this?
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
May 21 11:19:14 ldap1.noa.gr slapd[17512]:
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 busy
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
*May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: accept() = 14*
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
May 21 11:19:14 ldap1.noa.gr slapd[17512]:
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
*May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: listen=9, new connection on 14
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: added 14r (active) listener=(nil)*
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
May 21 11:19:14 ldap1.noa.gr slapd[17512]:
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
*May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 fd=14 ACCEPT from IP=195.251.xxx.xxx:51334 (IP=0.0.0.0:636)*
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
May 21 11:19:14 ldap1.noa.gr slapd[17512]: 14r
May 21 11:19:14 ldap1.noa.gr slapd[17512]:
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: read active on 14
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
May 21 11:19:14 ldap1.noa.gr slapd[17512]:
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
May 21 11:19:14 ldap1.noa.gr slapd[17512]: 14r
May 21 11:19:14 ldap1.noa.gr slapd[17512]:
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: read active on 14
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
May 21 11:19:14 ldap1.noa.gr slapd[17512]:
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
May 21 11:19:14 ldap1.noa.gr slapd[17512]: 14r
May 21 11:19:14 ldap1.noa.gr slapd[17512]:
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: read active on 14
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
*May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 fd=14 TLS established tls_ssf=256 ssf=256 tls_proto=TLSv1.3 tls_cipher=TLS_AES_256_GCM_SHA384*
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
May 21 11:19:14 ldap1.noa.gr slapd[17512]: 14r
May 21 11:19:14 ldap1.noa.gr slapd[17512]:
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: read active on 14
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
May 21 11:19:14 ldap1.noa.gr slapd[17512]:
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
*May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 op=0 BIND dn="uid=userx,ou=people,dc=noa,dc=gr" method=128
May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 op=0 BIND dn="uid=userx,ou=people,dc=noa,dc=gr" mech=SIMPLE bind_ssf=0 ssf=256
May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 op=0 RESULT tag=97 err=0 qtime=0.000034 etime=0.000475 text=*
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
May 21 11:19:14 ldap1.noa.gr slapd[17512]:
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: activity on:
May 21 11:19:44 ldap1.noa.gr slapd[17512]: 14r
May 21 11:19:44 ldap1.noa.gr slapd[17512]:
May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: read active on 14
May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
*May 21 11:19:44 ldap1.noa.gr slapd[17512]: connection_read(14): input error=-2 id=1002, closing.
May 21 11:19:44 ldap1.noa.gr slapd[17512]: connection_closing: readying conn=1002 sd=14 for close
May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: removing 14
May 21 11:19:44 ldap1.noa.gr slapd[17512]: conn=1002 fd=14 closed (connection lost)*
May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: activity on:
May 21 11:19:44 ldap1.noa.gr slapd[17512]:
May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
I have tried removing the olcTLSCipherSuite attribute, but it won't work anyway.
As a side note, I see that logging is directed to the journal. Could I redirect it to a file instead? I have set olcLogFile, but logging is directed to the journal nevertheless.
Thanks a lot, Nick
What is the output of your query with "-d -1" added to the command line? What is the output of "openssl s_client -connect $SERVER:636"?
Can you query your server when you disable certificate checking in ldap.conf ("TLS_REQCERT allow")?
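
Added example (not part of the thread, and not OpenLDAP project code): a small filter that drops the "daemon:" epoll noise from a slapd log like the one quoted above and reduces each connection to its timeline, so it is easy to see how far the session got before the read error. The function names are hypothetical, the sample is an excerpt of the quoted log, and the year is an assumption because syslog timestamps carry none.

```python
import re
from datetime import datetime

# Excerpt of the log quoted above (emphasis asterisks dropped, noise trimmed).
SAMPLE = """\
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 busy
May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 fd=14 ACCEPT from IP=195.251.xxx.xxx:51334 (IP=0.0.0.0:636)
May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 fd=14 TLS established tls_ssf=256 ssf=256 tls_proto=TLSv1.3 tls_cipher=TLS_AES_256_GCM_SHA384
May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 op=0 BIND dn="uid=userx,ou=people,dc=noa,dc=gr" method=128
May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 op=0 RESULT tag=97 err=0 qtime=0.000034 etime=0.000475 text=
May 21 11:19:44 ldap1.noa.gr slapd[17512]: connection_read(14): input error=-2 id=1002, closing.
May 21 11:19:44 ldap1.noa.gr slapd[17512]: conn=1002 fd=14 closed (connection lost)
"""
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ slapd\[\d+\]: (.*)$")
CONN = re.compile(r"conn=(\d+) (?:fd|op)=\d+ (.*)")
READ_ERR = re.compile(r"connection_read\(\d+\): input error=(-?\d+) id=(\d+)")

def timeline(log, year=2025):  # syslog has no year; 2025 is assumed from the mail date
    """Return {conn_id: [(datetime, event), ...]}, dropping 'daemon:' noise."""
    conns = {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip().strip("*").strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if c := CONN.match(m.group(2)):
            conns.setdefault(int(c.group(1)), []).append((ts, c.group(2)))
        elif e := READ_ERR.match(m.group(2)):
            conns.setdefault(int(e.group(2)), []).append((ts, "READ_ERROR " + e.group(1)))
    return conns

def summarize(events):
    """Report how far a connection got and how long it idled before the read error."""
    text = [e for _, e in events]
    tls = next((e for e in text if e.startswith("TLS established")), None)
    bind = next((e for e in text if e.startswith("RESULT tag=97")), None)  # 97 = BindResponse
    err = next((i for i, e in enumerate(text) if e.startswith("READ_ERROR")), None)
    return {
        "tls_proto": re.search(r"tls_proto=(\S+)", tls).group(1) if tls else None,
        "bind_err": int(re.search(r"err=(\d+)", bind).group(1)) if bind else None,
        "read_error": text[err].split()[1] if err is not None else None,
        "idle_seconds": (events[err][0] - events[err - 1][0]).total_seconds() if err else None,
    }

if __name__ == "__main__":
    for cid, events in timeline(SAMPLE).items():
        print(cid, summarize(events))
```

For conn=1002 this reports a completed TLSv1.3 handshake, a bind result of err=0, and the input error=-2 arriving 30 seconds after the bind result.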