Hi, can anyone help me with the error given in the title when entering the following command:

ldapmodify -x -W -D 'cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp'
Enter LDAP Password:
ldap_bind: Can't contact LDAP server (-1)
        additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Access by the dovecot user is also blocked and all mail stops... Thanks in advance. Below is the slapd.conf file:
### configuration for IER
### written by T.Tanaka
### edited by WL.Tam

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
rootpw ier2009
directory /var/lib/ldap

overlay syncprov
syncprov-checkpoint 50 10
syncprov-sessionlog 100

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryCSN,entryUUID eq
idlcachesize 1000

access to attrs=userPassword
    by self write
    by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
    by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
    by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
    by anonymous auth
    by * none

access to attrs=SambaLMPassword,SambaNTPassword
    by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
    by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
    by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
    by self read
    by anonymous auth
    by * none

access to *
    by self write
    by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
    by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
    by * read
wailok tam <wailoktam@yahoo.com> writes:

> ldapmodify -x -W -D 'cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp'
> Enter LDAP Password:
> ldap_bind: Can't contact LDAP server (-1)
>         additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Maybe you want to use SSLv3, and the server does not support it?
See e.g. https://raymii.org/s/articles/Check_servers_for_the_Poodle_bug.html
On Sat, Nov 22, 2014 at 01:18:18PM +0100, Ferenc Wagner wrote:

> Date: Sat, 22 Nov 2014 13:18:18 +0100
> From: Ferenc Wagner <wferi@niif.hu>
> To: wailok tam <wailoktam@yahoo.com>
> Cc: openldap-technical@openldap.org
> Subject: Re: Can't contact LDAP server (-1) additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
> Sender: openldap-technical <openldap-technical-bounces@openldap.org>
>
> wailok tam <wailoktam@yahoo.com> writes:
>
>> ldapmodify -x -W -D 'cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp'
>> Enter LDAP Password:
>> ldap_bind: Can't contact LDAP server (-1)
>>         additional info: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
>
> Maybe you want to use SSLv3, and the server does not support it?
I suspect that the ldap.conf file has a URL of the form ldaps://<server> but the config fragment we saw did not have any TLS config so ldaps: will not work.
Quick test:
ldapmodify -x -H ldap://<server>/ -W -D 'cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp'
Andrew
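The mismatch Andrew describes above, as an added example that is not part of the thread: a small POSIX shell script that reads a constructed ldap.conf and two constructed slapd.conf fragments (one with no TLS directives, like the one posted, and one carrying the TLSCACertificateFile/TLSCertificateFile/TLSCertificateKeyFile directives slapd needs before any ldaps:// or StartTLS handshake can succeed), reports whether an ldaps:// client can work against each, and builds the plain-ldap:// command line for the quick test. The hostname, the certificate paths and the use of ldapsearch (a non-interactive stand-in for ldapmodify) are assumptions; the thread shows none of them.

```shell
#!/bin/sh
# Added example, not from the thread. All three config snippets are constructed.

# Constructed client ldap.conf: the ldaps:// URI Andrew suspects is in place.
CLIENT_CONF='BASE dc=ier,dc=hit-u,dc=ac,dc=jp
URI ldaps://ldap.example.invalid/
TLS_REQCERT demand'

# Constructed slapd.conf fragment in the shape of the posted one: no TLS* lines.
SERVER_CONF_NOTLS='include /etc/openldap/schema/core.schema
database bdb
suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"'

# The same server with the directives slapd needs to answer a TLS handshake
# (paths are assumptions).
SERVER_CONF_TLS='include /etc/openldap/schema/core.schema
TLSCACertificateFile /etc/openldap/certs/ca.pem
TLSCertificateFile /etc/openldap/certs/slapd.pem
TLSCertificateKeyFile /etc/openldap/certs/slapd.key
database bdb
suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"'

# Print the scheme (ldap, ldaps or ldapi) of the URI directive in an ldap.conf.
# Comment lines are skipped; if URI appears more than once the last one wins.
client_uri_scheme() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ { next }
        toupper($1) == "URI" { uri = $2 }
        END { if (uri != "") { split(uri, p, "://"); print tolower(p[1]) } }'
}

# Exit 0 only if the slapd.conf fragment names both a certificate and a key;
# without them slapd has nothing to present and the handshake fails.
slapd_has_tls() {
    printf '%s\n' "$1" | grep -qi '^[[:space:]]*TLSCertificateFile[[:space:]]' &&
    printf '%s\n' "$1" | grep -qi '^[[:space:]]*TLSCertificateKeyFile[[:space:]]'
}

# Classify a client/server pair. Prints one of:
#   ok              plain ldap:// or ldapi://, or ldaps:// against a TLS-enabled server
#   server-no-tls   client insists on ldaps:// but the server has no TLS directives
#   unknown-scheme  no usable URI directive found
diagnose() {
    scheme=$(client_uri_scheme "$1")
    case "$scheme" in
        ldap|ldapi) echo ok ;;
        ldaps)
            if slapd_has_tls "$2"; then echo ok; else echo server-no-tls; fi ;;
        *) echo unknown-scheme ;;
    esac
}

# Build Andrew's quick test as a non-interactive ldapsearch: -H with an explicit
# ldap:// URI overrides the ldap.conf default, and a base-scope read of the
# root DSE proves the bind without touching any entry. Only the string is built.
plain_test_cmd() {
    # $1 = hostname, $2 = bind DN
    printf 'ldapsearch -x -H ldap://%s/ -W -D %s -s base -b "" namingContexts' "$1" "'$2'"
}

diagnose "$CLIENT_CONF" "$SERVER_CONF_NOTLS"   # server-no-tls
diagnose "$CLIENT_CONF" "$SERVER_CONF_TLS"     # ok
plain_test_cmd ldap.example.invalid 'cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp'; echo
```

Two caveats when running the quick test for real. The simple bind (-x) over plain ldap:// sends the rootdn password in cleartext, so run it on the server itself or over ldapi:// rather than across the network, and change the rootpw afterwards if it did cross a wire. And adding the TLS directives is only half of the server side: slapd must also be started with an ldaps:/// listener (for example -h "ldap:/// ldaps:///") for ldaps:// clients, or clients can keep ldap:// and require StartTLS with -ZZ.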