Hello Guillaume Rousse/team,
I am getting the below error from the master server when I give port number 636 in my HDB
config file:
Sep 16 06:41:59 gb0135embldap01 slapd[4672]: conn=349739 fd=39 ACCEPT from
IP=163.183.2.145:43965 (IP=0.0.0.0:636)
Sep 16 06:41:59 gb0135embldap01 slapd[4672]: conn=349739 fd=39 closed (TLS negotiation
failure)
And when I give 389 in my HDB config, I get the below message from the master server:
Sep 16 06:31:51 gb0135embldap01 slapd[4672]: conn=349046 fd=38 ACCEPT from
IP=163.183.2.145:49242 (IP=0.0.0.0:389)
Sep 16 06:31:51 gb0135embldap01 slapd[4672]: conn=349046 op=0 EXT
oid=1.3.6.1.4.1.1466.20037
Sep 16 06:31:51 gb0135embldap01 slapd[4672]: conn=349046 op=0 STARTTLS
Sep 16 06:31:51 gb0135embldap01 slapd[4672]: conn=349046 op=0 RESULT oid= err=0 text=
Sep 16 06:31:51 gb0135embldap01 slapd[4672]: conn=349040 op=6 SRCH
base="ou=Groups,dc=emb,dc=slb,dc=com" scope=2 deref=0
filter="(&(objectClass=sambaGroupMapping)(gidNumber=443298))"
Sep 16 06:31:51 gb0135embldap01 slapd[4672]: conn=349040 op=6 SRCH attr=gidNumber sambaSID
sambaGroupType sambaSIDList description displayName cn objectClass
Sep 16 06:31:51 gb0135embldap01 slapd[4672]: conn=349040 op=6 SEARCH RESULT tag=101 err=0
nentries=0 text=
Sep 16 06:31:51 gb0135embldap01 slapd[4672]: conn=349044 op=2 UNBIND
Sep 16 06:31:51 gb0135embldap01 slapd[4672]: conn=349044 fd=19 closed
Sep 16 06:31:51 gb0135embldap01 slapd[4672]: conn=349037 fd=60 closed (connection lost)
But not much data replication has happened; I get the below message from the slave server...
for 636
Sep 16 10:47:26 ae0043app05 slapd[10982]: slap_client_connect:
URI=ldap://gb0135embldap01.emb.slb.com:636 Error, ldap_start_tls failed (-1)
Sep 16 10:47:26 ae0043app05 slapd[10982]: do_syncrepl: rid=365 rc -1 retrying
for 389
Sep 16 10:31:42 ae0043app05 slapd[10282]: slap_client_connect:
URI=ldap://gb0135embldap01.emb.slb.com:389 Error, ldap_start_tls failed (-11)
I don't know how to check TLS manually... Could you please help me...
Thanks & Regards,
Arun Sasi Venmalassery
-------------------------------------------------------------------------------------------------------------------------------------
Sr. Engineer - Server Management (UNIX),
Wipro Ltd (Dubai) |Mob: +971 566489491 | E: arun.sasi1(a)wipro.com
________________________________________
From: openldap-technical-bounces(a)OpenLDAP.org [openldap-technical-bounces(a)OpenLDAP.org] on
behalf of openldap-technical-request(a)OpenLDAP.org
[openldap-technical-request(a)OpenLDAP.org]
Sent: Friday, September 14, 2012 5:30 PM
To: openldap-technical(a)openldap.org
Subject: openldap-technical Digest, Vol 58, Issue 12
------------------------------
Message: 3
Date: Thu, 13 Sep 2012 14:38:20 +0200
From: Guillaume Rousse <guillomovitch(a)gmail.com>
To: openldap-technical(a)openldap.org
Subject: Re: Error, ldap_start_tls failed (-11)
Message-ID: <5051D3BC.3020207(a)gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On 13/09/2012 14:16, arun.sasi1(a)wipro.com wrote:
Hello Team,
I have an issue with OpenLDAP TLS based replication
Getting below error
slap_client_connect:
URI=ldap://gb0135embldap01.emb.slb.com Error,
ldap_start_tls failed (-11)
Sep 13 16:13:34 ae0043app05 slapd[2582]: do_syncrepl: rid=365 rc -11
retrying
I have openLDAP in Ubuntu 9.04 version 2.4.19, then I thought to upgrade
it, and first I upgraded my consumer openldap server, which I migrated
to Ubuntu 12.04 and version 2.4.28.
I have created the certificate for my consumer from the existing server, but
when I go for TLS based replication, the database is not syncing, and it
is syncing when I remove starttls=no
What does the master log say, and did you try a manual connection with
the same credentials from the slave to the master, using TLS?
--
BOFH excuse #166:
/pub/lunch
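Added example, not part of the original thread and not OpenLDAP code: a small Python triage of the consumer-side `slap_client_connect` lines quoted above. It separates StartTLS attempted against the 636 listener from a handshake failure after StartTLS on 389 and gives a manual check command for each. The `CA.pem` path and the cause labels are assumptions; the result-code names are libldap's.

```python
import re

# Constructed sample: consumer-side lines as quoted in the post above.
SAMPLE = [
    "Sep 16 10:47:26 ae0043app05 slapd[10982]: slap_client_connect: "
    "URI=ldap://gb0135embldap01.emb.slb.com:636 Error, ldap_start_tls failed (-1)",
    "Sep 16 10:31:42 ae0043app05 slapd[10282]: slap_client_connect: "
    "URI=ldap://gb0135embldap01.emb.slb.com:389 Error, ldap_start_tls failed (-11)",
    "Sep 16 10:47:26 ae0043app05 slapd[10982]: do_syncrepl: rid=365 rc -1 retrying",
]

# libldap client-side result codes (ldap.h) that appear in these lines.
LDAP_RC = {-1: "LDAP_SERVER_DOWN", -11: "LDAP_CONNECT_ERROR"}

FAIL = re.compile(
    r"slap_client_connect:\s+URI=(?P<scheme>ldaps?)://(?P<host>[^:/\s]+)"
    r"(?::(?P<port>\d+))?\S*\s+Error, ldap_start_tls failed \((?P<rc>-?\d+)\)"
)

def diagnose(line, ca="CA.pem"):  # ca: placeholder path to the issuing CA cert
    """Classify one consumer StartTLS failure line; None if it is not one."""
    m = FAIL.search(line)
    if not m:
        return None
    scheme, host = m["scheme"], m["host"]
    port = int(m["port"] or (636 if scheme == "ldaps" else 389))
    if scheme == "ldaps" or port == 636:
        # ldaps (conventionally 636) starts TLS at connect time, so StartTLS
        # must not be layered on it; test the listener with a raw handshake.
        cause = "starttls-on-ldaps-listener"
        check = f"openssl s_client -connect {host}:{port} -CAfile {ca}"
    else:
        # The listener speaks plain LDAP, so the failure is in the handshake
        # after StartTLS (assumed: CA trust or certificate name on the consumer).
        cause = "handshake-after-starttls"
        check = (f"LDAPTLS_CACERT={ca} ldapsearch -x -ZZ -d 1 "
                 f"-H ldap://{host}:{port} -b '' -s base")
    rc = int(m["rc"])
    return {"uri": f"{scheme}://{host}:{port}", "rc": LDAP_RC.get(rc, str(rc)),
            "cause": cause, "check": check}

if __name__ == "__main__":
    for entry in SAMPLE:
        result = diagnose(entry)
        if result:
            print(result["uri"], result["rc"], result["cause"], sep=" | ")
            print("  check:", result["check"])
```

The printed `check` commands are meant to be run from the consumer host, so the same trust store and name resolution are exercised as in replication.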