Hi all,
I'm confusing about this problem. Please help...
I installed OpenLDAP (2.4.25) with Cyrus SASL (2.1.23) and OpenSSL (0.9.8r). I started LDAP with SSL port:
#./slapd -h 'ldaps:///'
Everything OK, but when i test uid of OpenLDAP with SASL, i have a problem:
root@ftp:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456 0: NO "authentication failed"
I check log and have a message:
ldap_simple_bind_s ldap_sasl_bind_s ldap_sasl_bind
ldap_send_initial_request ldap_new_connection 1 1 0
ldap_int_open_connection ldap_connect_to_host: TCP localhost:636
ldap_new_socket: 10 ldap_prepare_socket: 10 ldap_connect_to_host: Trying 127.0.0.1:636 ldap_pvt_connect: fd: 10 tm: 5 async: 0 ldap_ndelay_on: 10
ldap_int_poll: fd: 10 tm: 5 ldap_is_sock_ready: 10 ldap_ndelay_off: 10
ldap_pvt_connect: 0 TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A TLS trace: SSL_connect:SSLv3 read server hello A TLS certificate verification: depth: 1, err: 0, subject: /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com, issuer: /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com TLS certificate verification: depth: 0, err: 7, subject: /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com, issuer: /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com TLS certificate verification: Error, certificate signature failure TLS trace: SSL3 alert write:fatal:decrypt error TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS: can't connect: error:14090086:SSL routines:func(144):reason(134) (certificate signature failure). ldap_err2string ldap_unbind ldap_create
ldap_url_parse_ext(ldaps://localhost) ldap_simple_bind_s
ldap_sasl_bind_s ldap_sasl_bind ldap_send_initial_request
ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP localhost:636 ldap_new_socket: 10 ldap_prepare_socket: 10
ldap_connect_to_host: Trying 127.0.0.1:636 ldap_pvt_connect: fd: 10 tm: 5 async: 0 ldap_ndelay_on: 10 ldap_int_poll: fd: 10 tm: 5
ldap_is_sock_ready: 10 ldap_ndelay_off: 10 ldap_pvt_connect: 0 TLS trace: SSL_connect:before/connect initialization TLS trace: SSL_connect:SSLv2/v3 write client hello A TLS trace: SSL_connect:SSLv3 read server hello A TLS certificate verification: depth: 1, err: 0, subject: /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com, issuer: /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com TLS certificate verification: depth: 0, err: 7, subject: /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com, issuer: /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com TLS certificate verification: Error, certificate signature failure TLS trace: SSL3 alert write:fatal:decrypt error TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS: can't connect: error:14090086:SSL routines:func(144):reason(134) (certificate signature failure). ldap_err2string saslauthd[766] :do_auth : auth failure: [user=khanhnq] [service=imap] [realm=] [mech=ldap] [reason=Unknown] saslauthd[766] :do_request : response: NO
What i'm doing wrong? I test OpenSSL using client authenticate and it's work OK.
# openssl s_client -connect localhost:636 -state -CAfile /var/myCA/demoCA/cacert.pem -cert /var/myCA/clientcrt.pem -key /var/myCA/clientkey.pem CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A depth=1 /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com verify return:1 depth=0 /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com verify return:1 SSL_connect:SSLv3 read server certificate A SSL_connect:SSLv3 read server certificate request A SSL_connect:SSLv3 read server done A SSL_connect:SSLv3 write client certificate A SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A SSL_connect:SSLv3 write change cipher spec A SSL_connect:SSLv3 write finished A SSL_connect:SSLv3 flush data SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A --- Certificate chain 0 s:/C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com
i:/C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com 1 s:/C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com
i:/C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com --- Server certificate -----BEGIN CERTIFICATE-----
MIICiTCCAfKgAwIBAgIJAMmeK8RVIEWgMA0GCSqGSIb3DQEBBQUAMEgxCzAJBgNV
BAYTAlZOMQwwCgYDVQQIEwNIQ00xDDAKBgNVBAoTA1NHVDELMAkGA1UECxMCTlcx
EDAOBgNVBAMTB2FiYy5jb20wHhcNMTEwNjEzMDYzMDQ3WhcNMTIwNjEyMDYzMDQ3
WjBIMQswCQYDVQQGEwJWTjEMMAoGA1UECBMDSENNMQwwCgYDVQQKEwNTR1QxCzAJ
BgNVBAsTAk5XMRAwDgYDVQQDEwdhYmMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDEW/sP8n2M7y0LT7ONPZQSnWdOC+E2qyngXaouoKEZauyLkTwWJyQY
MkCeGKwQo1KMGd1O04sw5uD2IWgYBfGuynSalyfGfwETGc4Y/xPHV+FpOY5KRssn
qzmL5Gso276vIOR4KnjZdm5Msp3WQ2z4aNUkLbMspyBugKP9GgjfAwIDAQABo3sw
eTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD
ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUD7QVqUbn35Jgi1yQdumsHRBdAkswHwYDVR0j
BBgwFoAUAdNX4GIDCCQpSpUEfLXJPW74L2IwDQYJKoZIhvcNAQEFBQADgYEAMf8i
zRpqasBFf6acpRvGG/AkLU+Cz10ffH6zE3DsoKngxP6zEDFOb1quX+E7RE98W/0T
iQPLqS5XLIuLX6BNRjnv79DdyynpwsFVip6pHvDZafWBXrzWVn7WEXy5+VpfjBxe
CADHvgvp4LXh7EtvppO1vPyvphCCexsmCIzoxyA= -----END CERTIFICATE-----
subject=/C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com
issuer=/C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com --- Acceptable client certificate CA names /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com --- SSL handshake has read 2431 bytes and written 1804 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA
Session-ID: B79630EC32BF14F01931D1EAB3DC0CF7DA29B42E012C8BD8171EEF46D993BB96
Session-ID-ctx: Master-Key: 230F7D9D0736A40EB148CA9091BA0105E6949721E55FD9F84AD057C1CBA38F0A1B2269CAB07E7E71E3310954DDF260BF
Key-Arg : None TLS session ticket: 0000 - 07 19 41 07 ec 4c 66 10-24 a0 dd be 02 ff 05 90 ..A..Lf.$....... 0010 - a0 f8 64 d3 08 77 a0 bf-24 81 ad 04 b8 d9 e6 9a ..d..w..$....... 0020 - 04 5a df 4a d5 a1 65 2b-52 4c d4 a2 c2 d6 8b 7f .Z.J..e+RL...... 0030 - fa 66 c7 05 54 58 fa 5d-9a a3 75 82 d0 e8 76 dd .f..TX.]..u...v. 0040 - 4f da 54 ac 8e 40 95 68-7c da 6f 08 7f 52 a3 f6 O.T..@.h|.o..R.. 0050 - c2 bd 44 ff dd 95 b3 0c-e5 9e 16 95 7c c8 6d ee ..D.........|.m. 0060 - 96 03 6b db ae 8c 34 8e-a3 29 87 16 f0 a6 0e 8c ..k...4..)...... 0070 - ac fa c2 76 4a 2d 75 f5-fc b7 1e 83 ec a7 47 0a ...vJ-u.......G. 0080 - 72 50 e8 24 e2 22 34 5f-ff 6a b1 ea f0 cc 2e 55 rP.$."4_.j.....U 0090 - 9f ec ea 1b b5 da 12 70-f4 0c ee 10 5b d0 4e 7a .......p....[.Nz 00a0 - 0d 60 06 70 02 f7 eb a3-f3 79 a7 69 5d c3 61 d3 .`.p.....y.i].a. 00b0 - 51 2a 8a 82 c2 11 70 c9-8b 4f 19 58 50 83 6b 0e Q*....p..O.XP.k. 00c0 - bf 9e aa 6a 8f 72 59 9c-10 da cc 8f 90 05 db e2 ...j.rY......... 00d0 - 08 31 d8 62 1a 24 0d 50-a4 e1 75 e6 ee 49 19 32 .1.b.$.P..u..I.2 00e0 - 1f b6 0e 77 11 42 ce 3a-7e 7e 9c 2b be 59 d4 b4 ...w.B.:~~.+.Y.. 00f0 - 24 36 b0 a5 39 30 9f 3a-49 f7 19 10 73 f1 3e 06 $6..90.:I...s.>. 0100 - b4 04 58 3a 5f 4c 02 29-54 b1 25 c7 2f 06 4a 62 ..X:_L.)T.%./.Jb 0110 - fb 4b 52 82 ea 50 7e 12-0e 8b 5a eb a4 34 77 3c .KR..P~...Z..4w< 0120 - 9f f4 0d 85 0f 43 9a 5d-f1 ba 3e 28 ab 86 98 17 .....C.]..>(.... 0130 - d1 10 49 d2 a6 f3 e7 32-72 62 41 ac 4c 51 4b 05 ..I....2rbA.LQK. 0140 - bd e7 a3 30 cd 47 37 95-f9 76 1d 4a f1 a2 58 b0 ...0.G7..v.J..X. 0150 - 0b a8 ca 4e 4f a1 67 ff-01 3e 11 29 a9 db f1 3e ...NO.g..>.)...> 0160 - 43 64 f8 58 4e d3 44 6f-ee cc 61 6d b3 82 ab 77 Cd.XN.Do..am...w 0170 - e7 3b 6b 83 af b7 42 76-89 e2 e0 d6 8e 66 61 fe .;k...Bv.....fa. 0180 - df 7c d8 28 63 04 22 06-cd 41 28 46 d4 08 00 b4 .|.(c."..A(F.... 0190 - 2b 9e 90 ec ee 9f 8e 34-9b 15 5c 71 e8 29 88 c8 +......4..q.).. 01a0 - 35 4d 88 aa c3 05 53 0a-b8 bd 90 38 68 cf 8b 0b 5M....S....8h... 01b0 - b0 f3 48 c0 02 8a 9f be-05 1b 13 4a 49 67 32 8f ..H........JIg2. 01c0 - 66 f2 41 18 11 f1 eb ed-2a d0 a4 de d9 10 83 95 f.A.....*....... 01d0 - c6 aa 1a 74 83 36 31 db-68 b1 88 37 2b 18 da 6b ...t.61.h..7+..k 01e0 - b9 be 87 36 64 5c a0 b1-23 eb df d9 8f 96 10 ae ...6d..#....... 01f0 - 4e db 3b c2 77 65 a4 11-df 65 a8 26 98 4f df 69 N.;.we...e....... 0210 - f6 93 93 b1 c0 89 65 3a-0d bc 16 e8 f0 5f 9f 5c ......e:....._. 0220 - 8a bc ea 56 b7 e7 d4 75-4c 19 6d 18 73 64 3c 95 ...V...uL.m.sd. 0260 - 78 0d 94 f1 3a 1a 64 35-b5 54 b5 84 76 44 62 b1 x...:.d5.T..vDb. 0270 - 36 5c 1d d6 79 27 6d 1c-3c df bb d2 bf 2c 06 40 6..y'm.
Your openssl command defines the CAcert file - is that configured correctly in your client?
To better test openldap specifically, can you do an ldapsearch (using cacert, of course)?
- chris
Chris Jacobs, Systems Administrator, Technology Services Group Apollo Group | Apollo Marketing & Product Development | Aptimus, Inc. 2001 6th Ave | Ste 3200 | Seattle, WA 98121 phone: 206.839-8245 | cell: 206.601.3256 | Fax: 208.441.9661 email: chris.jacobs@apollogrp.edu
________________________________ From: openldap-technical-bounces@OpenLDAP.org openldap-technical-bounces@OpenLDAP.org To: openldap-technical@openldap.org openldap-technical@openldap.org Sent: Mon Jun 13 01:01:24 2011 Subject: OpenLDAp + OpenSSL: decrypt error
Hi all,
I'm confusing about this problem. Please help...
I installed OpenLDAP (2.4.25) with Cyrus SASL (2.1.23) and OpenSSL (0.9.8r). I started LDAP with SSL port:
#./slapd -h 'ldaps:///'
Everything OK, but when i test uid of OpenLDAP with SASL, i have a problem:
root@ftp:/usr/local/sasl2/sbin# ./testsaslauthd -u khanhnq -p 123456 0: NO "authentication failed"
I check log and have a message:
ldap_simple_bind_s ldap_sasl_bind_s ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP localhost:636 ldap_new_socket: 10 ldap_prepare_socket: 10 ldap_connect_to_host: Trying 127.0.0.1:636 ldap_pvt_connect: fd: 10 tm: 5 async: 0 ldap_ndelay_on: 10 ldap_int_poll: fd: 10 tm: 5 ldap_is_sock_ready: 10 ldap_ndelay_off: 10 ldap_pvt_connect: 0 TLS trace: SSL_connect:before/connect initialization TLS trace: SSL_connect:SSLv2/v3 write client hello A TLS trace: SSL_connect:SSLv3 read server hello A TLS certificate verification: depth: 1, err: 0, subject: /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com, issuer: /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com TLS certificate verification: depth: 0, err: 7, subject: /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com, issuer: /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com TLS certificate verification: Error, certificate signature failure TLS trace: SSL3 alert write:fatal:decrypt error TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS: can't connect: error:14090086:SSL routines:func(144):reason(134) (certificate signature failure). ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldaps://localhost) ldap_simple_bind_s ldap_sasl_bind_s ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP localhost:636 ldap_new_socket: 10 ldap_prepare_socket: 10 ldap_connect_to_host: Trying 127.0.0.1:636 ldap_pvt_connect: fd: 10 tm: 5 async: 0 ldap_ndelay_on: 10 ldap_int_poll: fd: 10 tm: 5 ldap_is_sock_ready: 10 ldap_ndelay_off: 10 ldap_pvt_connect: 0 TLS trace: SSL_connect:before/connect initialization TLS trace: SSL_connect:SSLv2/v3 write client hello A TLS trace: SSL_connect:SSLv3 read server hello A TLS certificate verification: depth: 1, err: 0, subject: /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com, issuer: /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com TLS certificate verification: depth: 0, err: 7, subject: /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com, issuer: /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com TLS certificate verification: Error, certificate signature failure TLS trace: SSL3 alert write:fatal:decrypt error TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS trace: SSL_connect:error in SSLv3 read server certificate B TLS: can't connect: error:14090086:SSL routines:func(144):reason(134) (certificate signature failure). ldap_err2string saslauthd[766] :do_auth : auth failure: [user=khanhnq] [service=imap] [realm=] [mech=ldap] [reason=Unknown] saslauthd[766] :do_request : response: NO
What i'm doing wrong? I test OpenSSL using client authenticate and it's work OK.
# openssl s_client -connect localhost:636 -state -CAfile /var/myCA/demoCA/cacert.pem -cert /var/myCA/clientcrt.pem -key /var/myCA/clientkey.pem CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL_connect:SSLv3 read server hello A depth=1 /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com verify return:1 depth=0 /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com verify return:1 SSL_connect:SSLv3 read server certificate A SSL_connect:SSLv3 read server certificate request A SSL_connect:SSLv3 read server done A SSL_connect:SSLv3 write client certificate A SSL_connect:SSLv3 write client key exchange A SSL_connect:SSLv3 write certificate verify A SSL_connect:SSLv3 write change cipher spec A SSL_connect:SSLv3 write finished A SSL_connect:SSLv3 flush data SSL_connect:SSLv3 read server session ticket A SSL_connect:SSLv3 read finished A --- Certificate chain 0 s:/C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com i:/C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com 1 s:/C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com i:/C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com --- Server certificate -----BEGIN CERTIFICATE----- MIICiTCCAfKgAwIBAgIJAMmeK8RVIEWgMA0GCSqGSIb3DQEBBQUAMEgxCzAJBgNV BAYTAlZOMQwwCgYDVQQIEwNIQ00xDDAKBgNVBAoTA1NHVDELMAkGA1UECxMCTlcx EDAOBgNVBAMTB2FiYy5jb20wHhcNMTEwNjEzMDYzMDQ3WhcNMTIwNjEyMDYzMDQ3 WjBIMQswCQYDVQQGEwJWTjEMMAoGA1UECBMDSENNMQwwCgYDVQQKEwNTR1QxCzAJ BgNVBAsTAk5XMRAwDgYDVQQDEwdhYmMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDEW/sP8n2M7y0LT7ONPZQSnWdOC+E2qyngXaouoKEZauyLkTwWJyQY MkCeGKwQo1KMGd1O04sw5uD2IWgYBfGuynSalyfGfwETGc4Y/xPHV+FpOY5KRssn qzmL5Gso276vIOR4KnjZdm5Msp3WQ2z4aNUkLbMspyBugKP9GgjfAwIDAQABo3sw eTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD ZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUD7QVqUbn35Jgi1yQdumsHRBdAkswHwYDVR0j BBgwFoAUAdNX4GIDCCQpSpUEfLXJPW74L2IwDQYJKoZIhvcNAQEFBQADgYEAMf8i zRpqasBFf6acpRvGG/AkLU+Cz10ffH6zE3DsoKngxP6zEDFOb1quX+E7RE98W/0T iQPLqS5XLIuLX6BNRjnv79DdyynpwsFVip6pHvDZafWBXrzWVn7WEXy5+VpfjBxe CADHvgvp4LXh7EtvppO1vPyvphCCexsmCIzoxyA= -----END CERTIFICATE----- subject=/C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com issuer=/C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com --- Acceptable client certificate CA names /C=VN/ST=HCM/O=SGT/OU=NW/CN=abc.com --- SSL handshake has read 2431 bytes and written 1804 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: B79630EC32BF14F01931D1EAB3DC0CF7DA29B42E012C8BD8171EEF46D993BB96 Session-ID-ctx: Master-Key: 230F7D9D0736A40EB148CA9091BA0105E6949721E55FD9F84AD057C1CBA38F0A1B2269CAB07E7E71E3310954DDF260BF Key-Arg : None TLS session ticket: 0000 - 07 19 41 07 ec 4c 66 10-24 a0 dd be 02 ff 05 90 ..A..Lf.$....... 0010 - a0 f8 64 d3 08 77 a0 bf-24 81 ad 04 b8 d9 e6 9a ..d..w..$....... 0020 - 04 5a df 4a d5 a1 65 2b-52 4c d4 a2 c2 d6 8b 7f .Z.J..e+RL...... 0030 - fa 66 c7 05 54 58 fa 5d-9a a3 75 82 d0 e8 76 dd .f..TX.]..u...v. 0040 - 4f da 54 ac 8e 40 95 68-7c da 6f 08 7f 52 a3 f6 O.T..@.h|.o..R.. 0050 - c2 bd 44 ff dd 95 b3 0c-e5 9e 16 95 7c c8 6d ee ..D.........|.m. 0060 - 96 03 6b db ae 8c 34 8e-a3 29 87 16 f0 a6 0e 8c ..k...4..)...... 0070 - ac fa c2 76 4a 2d 75 f5-fc b7 1e 83 ec a7 47 0a ...vJ-u.......G. 0080 - 72 50 e8 24 e2 22 34 5f-ff 6a b1 ea f0 cc 2e 55 rP.$."4_.j.....U 0090 - 9f ec ea 1b b5 da 12 70-f4 0c ee 10 5b d0 4e 7a .......p....[.Nz 00a0 - 0d 60 06 70 02 f7 eb a3-f3 79 a7 69 5d c3 61 d3 .`.p.....y.i].a. 00b0 - 51 2a 8a 82 c2 11 70 c9-8b 4f 19 58 50 83 6b 0e Q*....p..O.XP.k. 00c0 - bf 9e aa 6a 8f 72 59 9c-10 da cc 8f 90 05 db e2 ...j.rY......... 00d0 - 08 31 d8 62 1a 24 0d 50-a4 e1 75 e6 ee 49 19 32 .1.b.$.P..u..I.2 00e0 - 1f b6 0e 77 11 42 ce 3a-7e 7e 9c 2b be 59 d4 b4 ...w.B.:~~.+.Y.. 00f0 - 24 36 b0 a5 39 30 9f 3a-49 f7 19 10 73 f1 3e 06 $6..90.:I...s.>. 0100 - b4 04 58 3a 5f 4c 02 29-54 b1 25 c7 2f 06 4a 62 ..X:_L.)T.%./.Jb 0110 - fb 4b 52 82 ea 50 7e 12-0e 8b 5a eb a4 34 77 3c .KR..P~...Z..4w< 0120 - 9f f4 0d 85 0f 43 9a 5d-f1 ba 3e 28 ab 86 98 17 .....C.]..>(.... 0130 - d1 10 49 d2 a6 f3 e7 32-72 62 41 ac 4c 51 4b 05 ..I....2rbA.LQK. 0140 - bd e7 a3 30 cd 47 37 95-f9 76 1d 4a f1 a2 58 b0 ...0.G7..v.J..X. 0150 - 0b a8 ca 4e 4f a1 67 ff-01 3e 11 29 a9 db f1 3e ...NO.g..>.)...> 0160 - 43 64 f8 58 4e d3 44 6f-ee cc 61 6d b3 82 ab 77 Cd.XN.Do..am...w 0170 - e7 3b 6b 83 af b7 42 76-89 e2 e0 d6 8e 66 61 fe .;k...Bv.....fa. 0180 - df 7c d8 28 63 04 22 06-cd 41 28 46 d4 08 00 b4 .|.(c."..A(F.... 0190 - 2b 9e 90 ec ee 9f 8e 34-9b 15 5c 71 e8 29 88 c8 +......4..\q.).. 01a0 - 35 4d 88 aa c3 05 53 0a-b8 bd 90 38 68 cf 8b 0b 5M....S....8h... 01b0 - b0 f3 48 c0 02 8a 9f be-05 1b 13 4a 49 67 32 8f ..H........JIg2. 01c0 - 66 f2 41 18 11 f1 eb ed-2a d0 a4 de d9 10 83 95 f.A.....*....... 01d0 - c6 aa 1a 74 83 36 31 db-68 b1 88 37 2b 18 da 6b ...t.61.h..7+..k 01e0 - b9 be 87 36 64 5c a0 b1-23 eb df d9 8f 96 10 ae ...6d..#....... 01f0 - 4e db 3b c2 77 65 a4 11-df 65 a8 26 98 4f df 69 N.;.we...e.&.O.i 0200 - 12 1e 1c 4c dd e2 d0 29-1c 3b 01 e9 10 1d db 94 ...L...).;...... 0210 - f6 93 93 b1 c0 89 65 3a-0d bc 16 e8 f0 5f 9f 5c ......e:....._.\ 0220 - 8a bc ea 56 b7 e7 d4 75-4c 19 6d 18 73 64 3c 95 ...V...uL.m.sd<. 0230 - 87 0b 88 5b e8 c8 2c b5-92 ce aa ab cd c8 19 6b ...[..,........k 0240 - a2 5e 51 f7 a9 8f 59 59-34 a7 81 56 e1 4d 4f 20 .^Q...YY4..V.MO 0250 - 96 23 fa 58 6f b3 f8 19-68 03 df 61 eb 09 3e d8 .#.Xo...h..a..>. 0260 - 78 0d 94 f1 3a 1a 64 35-b5 54 b5 84 76 44 62 b1 x...:.d5.T..vDb. 0270 - 36 5c 1d d6 79 27 6d 1c-3c df bb d2 bf 2c 06 40 6..y'm.<....,.@ 0280 - 25 03 dd 77 6d 75 b8 ee-7c b5 cf 37 86 eb 9d 36 %..wmu..|..7...6 0290 - 18 b9 40 89 1e 78 d3 69-34 c9 fa b1 22 7f d2 79 ..@..x.i4..."..y 02a0 - 93 64 a9 23 6c 9a 32 6c-d2 ca 2a 40 0c c0 f5 c5 .d.#l.2l..*@.... 02b0 - 7e 51 65 c0 b7 9a 8a 01-54 29 71 bd 27 b9 0b a8 ~Qe.....T)q.'... 02c0 - 60 30 42 42 f4 4e 8a c8-27 a5 d3 99 cc d0 4f e1 `0BB.N..'.....O. 02d0 - 97 da 01 a5 44 e9 6a 6f-18 2a ea 88 89 14 be 56 ....D.jo.*.....V 02e0 - 9a 81 a4 f5 0e 6f 2c b2-60 93 30 3e 57 33 5e 20 .....o,.`.0>W3^ 02f0 - 8f 63 46 a7 1f 91 cf 31-81 8f 91 e0 cf c9 1c df .cF....1........ 0300 - e3 5d ac 0f f9 2e 08 db-dc fa 3f 8e c7 76 2e fb .]........?..v.. 0310 - ef d3 a7 64 9c 12 99 36-52 75 23 e7 e1 b3 f0 b1 ...d...6Ru#..... 0320 - 67 cc 78 6d 39 74 1d fa-18 5e b4 9c b4 49 9c 9b g.xm9t...^...I.. 0330 - 75 ee 0a fd f8 8d cf 15-a4 a2 c5 7c da c7 c0 36 u..........|...6
Compression: 1 (zlib compression) Start Time: 1307949552 Timeout : 300 (sec) Verify return code: 0 (ok)
Please help,
-- *********************************** EVERYTHING HAS JUST BEGUN...
________________________________ This message is private and confidential. If you have received it in error, please notify the sender and remove it from your system.
Thanks for your reply...
Yeah... I think i configured correctly in my client. I can use ldapsearch with commands:
./ldapsearch -xLL -b dc=abc,dc=com -H ldaps://ftp.abc.com '(uid=khanhnq)' -d -1
.......
02a0: 63 1c c8 a4 32 02 b0 8c bb 17 79 54 29 9d d1 61 c...2.....yT)..a
02b0: 05 82 04 60 53 30 d6 27 26 d4 e3 21 51 4c 95 d2 ...`S0.'...u..,.)..... 0310: 07 7c d6 34 f5 8c 0c 14 13 6a dd aa 62 92 63 58 .|.4.....j..b.cX 0320: a6 56 12 5f f1 1c 20 ad 59 8f eb 6a 9a 3c cc 7e .V._.. .Y..j.
openldap-technical@openldap.org
-
Chris Jacobs -
Nguyen, Quoc Khanh