I have two machines; on the first there is no problem connecting to the LDAP server (IBM Directory Server). The first machine is a RedHat RHEL5 Client, the second is Ubuntu karmic 9.10.
First machine looks like this:
<root@trog /etc/openldap># uname -a
Linux trog.krakow.pl.ibm.com 2.6.30 #1 SMP Fri Jun 26 08:44:06 CEST 2009 i686 i686 i386 GNU/Linux
<root@trog /etc/openldap># rpm -qa |grep ldap
python-ldap-2.2.0-2.1
openldap-2.3.43-3.el5
openldap-devel-2.3.43-3.el5
nss_ldap-253-21.el5
mozldap-6.0.5-1.el5
openldap-clients-2.3.43-3.el5
openldap-compat-2.1.30-1.oc2
<root@trog /etc/openldap># cat ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example, dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERT /etc/openldap/cacerts/bp.cert
On the second the configuration is:
root@xwing:/etc/ldap# uname -a
Linux xwing 2.6.31-server #1 SMP Thu Oct 1 11:55:18 CEST 2009 i686 GNU/Linux
root@xwing:/etc/ldap# dpkg -l |grep ldap
ii  ldap-utils      2.4.15-1ubuntu3    OpenLDAP utilities
ii  libldap-2.4-2   2.4.15-1ubuntu3    OpenLDAP libraries
root@xwing:/etc/ldap# cat ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

TLS_CACERT /etc/ldap/cacerts/bp.cert
When I start the ldapsearch on the second machine, I get the error:
root@xwing:/etc/ldap# ldapsearch -d5 -x -H ldaps://myldapserver.com
ldap_url_parse_ext(ldaps://myldapserver.com)
ldap_create
ldap_url_parse_ext(ldaps://myldapserver.com:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP myldapserver.com:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 9.17.186.253:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: can't connect: A TLS packet with unexpected length was received..
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
What is more... when using ldap:// instead of ldaps:// on the second machine everything works perfectly, but since it's not a secured connection I cannot accept that solution.
The ldapsearch works fine on the first machine for both secure and insecure connections.
Can anyone help?
--
Tomasz 'Trog' Welman
Software Developer
external: 48-12-628-9449 ITN: 34819449 T/L: 9449
IBM SWG Lab, Krakow, Poland
IBM Polska Sp. z o.o., Kraków branch
ul. Armii Krajowej 18, 30-150 Kraków
NIP: 526-030-07-24, KRS 0000012941
Share capital: 33.000.000 PLN
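The -d5 trace above shows the TCP connection to port 636 succeeding and the failure happening inside the TLS handshake, so the first thing worth verifying on the Ubuntu box is the CA file that ldap.conf hands to libldap. The following pre-flight check is an added example, not code from the original post or from OpenLDAP: it reads TLS_CACERT out of an ldap.conf-style file and confirms the file exists, is readable by the user running ldapsearch, and is PEM-encoded, which is the format libldap's TLS backends expect for TLS_CACERT. The function names (ldap_conf_get, check_tls_cacert) are this example's own, and the assumption that the wording "A TLS packet with unexpected length was received" comes from the GnuTLS backend that Ubuntu's libldap-2.4-2 is built against is mine, not something the post states.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check of the
# TLS_CACERT setting in an ldap.conf file. POSIX sh, awk and grep only.

# Print the value of KEY (e.g. TLS_CACERT) from an ldap.conf-style file.
# Commented-out keys such as "#BASE" do not match because the "#" is part
# of the first field. Returns 1 when the key is absent.
ldap_conf_get() {
    conf="$1"; key="$2"
    val=$(awk -v k="$key" '$1 == k { print $2; exit }' "$conf")
    [ -n "$val" ] || return 1
    printf '%s\n' "$val"
}

# Verify the CA file named by TLS_CACERT: it must be set, readable, and
# PEM-encoded (a DER file has no "-----BEGIN CERTIFICATE-----" line and
# the TLS library will not load it as a trust anchor). Prints one line
# describing the result; returns 0 only when every check passes.
check_tls_cacert() {
    conf="$1"
    ca=$(ldap_conf_get "$conf" TLS_CACERT) || {
        echo "TLS_CACERT is not set in $conf"; return 1; }
    [ -r "$ca" ] || {
        echo "TLS_CACERT $ca is missing or not readable by $(id -un)"; return 1; }
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$ca"; then
        echo "TLS_CACERT $ca is not PEM; convert it before libldap can use it"
        return 1
    fi
    echo "TLS_CACERT $ca exists, is readable and is PEM"
    return 0
}

# Usage on the second machine from the post:
#   check_tls_cacert /etc/ldap/ldap.conf
```

Run it as the same user that runs ldapsearch, since a root-only CA file passes for root and fails for everyone else. A clean result here does not prove the CA matches the certificate the server presents, but it rules out the cheapest failure modes before digging into the handshake itself.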