Hi there. I've another problem with TLS slapd and samba. For each operation with slapd (ldapsearch -x -ZZ, getent, or samba tls connection) I receive from slapd:
Aug 2 11:31:05 PDC slapd[1709]: connection_read(23): unable to get TLS client DN, error=49 id=4
What's the problem? My certificate?
Certificate's creation is:
/usr/lib/ssl/misc/CA.pl -newca
openssl req -newkey rsa:1024 -nodes -keyout key.pem -out newreq.pem
/usr/lib/ssl/misc/CA.pl -sign
Then another problem is that when I start slapd at boot, after slapd startup, samba, which tries to connect to ldap with tls, cannot connect to slapd and gives me:
2009/08/01 17:45:15, 10] lib/ldap_debug_handler.c:samba_ldap_log_print_fn(26)
  [LDAP] ldap_parse_extended_result
[2009/08/01 17:45:15, 10] lib/ldap_debug_handler.c:samba_ldap_log_print_fn(26)
  [LDAP] ldap_parse_result
[2009/08/01 17:45:15, 10] lib/ldap_debug_handler.c:samba_ldap_log_print_fn(26)
  [LDAP] ldap_msgfree
[2009/08/01 17:45:15, 10] lib/ldap_debug_handler.c:samba_ldap_log_print_fn(26)
  [LDAP] TLS: can't connect: Error in the push function..
[2009/08/01 17:45:15, 0] lib/smbldap.c:smb_ldap_start_tls(596)
[2009/08/01 17:45:15, 10] lib/ldap_debug_handler.c:samba_ldap_log_print_fn(26)
  [LDAP] ldap_err2string
  Failed to issue the StartTLS instruction: Connect error
This happens only if I put TLSClientVerify demand in slapd.conf; if I put TLSClientVerify never, samba connects to it under TLS without problems. Another issue is that if I run slapd on startup and run samba after login with /etc/init.d/samba start, it makes the connection successfully without error. In the same boot script of slapd I put an "ldapsearch -x -ZZ -d -1" and I receive:
TLS: can't connect: Error in the push function.. the same as samba.
Does anyone have ideas? Is the problem in the certificates?
Thanks in advance
openldap-technical@openldap.org