-----Original Message----- From: Shankhadeep Sen [mailto:shanks.iit@gmail.com] Sent: Friday, January 30, 2009 1:25 PM To: Christopher Barry Subject: Re: ldap_bind fails in vpn tunnel
Hi Christopher,
Thanks for your email.It seems thatwithout TLS , the search works first but next when I initiate a TLS session, the ldap api says "SERVER DOWN".I must mention that the bandwidth is very low in that VPN tunnel and there is only one route.
Now I used tcpdump to check the packets on port 389 , it seems that there are a lot of packets being exchanged.My guess is that because of the low b/w even if one packet gets dropped because of router overflow, the SSL handshake will be terminated.
What do you think?
Thanks,
Sankhadip
On Fri, Jan 30, 2009 at 9:05 AM, Christopher Barry christopher.barry@qlogic.com wrote:
-----Original Message----- From: openldap-technical-bounces+christopher.barry=qlogic.com@openld ap.org [mailto:openldap-technical-bounces+christopher.barry
mailto:openldap-technical-bounces%2Bchristopher.barry =qlogic.co
m@openldap.org] On Behalf Of Sankhadip Sengupta Sent: Friday, January 30, 2009 9:34 AM To: openldap-technical@openldap.org Subject: ldap_bind fails in vpn tunnel
Hi,
In a VPN tunnel, using TLS, ldap_search works but theldap_bind fails with error :Can't contact LDAP server(-1).
Can any one help me? I am using the openldap sdk.
Thanks,
Sankhadip
You might try putting the LDAP server's name and IP address in the hosts file of the client.
-C
Is this link helpful to you? http://www.openldap.org/lists/openldap-software/200201/msg00625.html
Thanks Chris but it didn't work.That article discusses about SSL and I am using TLS which is on port 389 so no URL issue.Here is a server side debug trace:
daemon: epoll: listen=7 active_threads=0 tvp=NULL TLS trace: SSL_accept:before/accept initialization daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: daemon: hangup on 14 tls_read: want=11 error=Connection reset by peer TLS trace: SSL_accept:error in SSLv2/v3 read client hello A daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: TLS: can't accept. daemon: hangup on 14 daemon: epoll: listen=7 active_threads=0 tvp=NULL daemon: epoll: listen=8 active_threads=0 tvp=NULL daemon: activity on 1 descriptor daemon: activity on: daemon: hangup on 14 connection_read(14): TLS accept failure error=-1 id=5, closing
Any help or light on this wil lbe appreciated greatly.
Thanks,
Sankhadip
On Fri, Jan 30, 2009 at 11:29 AM, Christopher Barry < christopher.barry@qlogic.com> wrote:
-----Original Message----- From: Shankhadeep Sen [mailto:shanks.iit@gmail.com] Sent: Friday, January 30, 2009 1:25 PM To: Christopher Barry Subject: Re: ldap_bind fails in vpn tunnel
Hi Christopher,
Thanks for your email.It seems thatwithout TLS , the search works first but next when I initiate a TLS session, the ldap api says "SERVER DOWN".I must mention that the bandwidth is very low in that VPN tunnel and there is only one route.
Now I used tcpdump to check the packets on port 389 , it seems that there are a lot of packets being exchanged.My guess is that because of the low b/w even if one packet gets dropped because of router overflow, the SSL handshake will be terminated.
What do you think?
Thanks,
Sankhadip
On Fri, Jan 30, 2009 at 9:05 AM, Christopher Barry christopher.barry@qlogic.com wrote:
> -----Original Message----- > From: > openldap-technical-bounces+christopher.barry=qlogic.com@openld > ap.org > [mailto:openldap-technical-bounces+christopher.barry<openldap-technical-bounces%2Bchristopher.barry><mailto:openldap-technical-bounces%2Bchristopher.barry<openldap-technical-bounces%252Bchristopher.barry>>
=qlogic.co
> m@openldap.org] On Behalf Of Sankhadip Sengupta > Sent: Friday, January 30, 2009 9:34 AM > To: openldap-technical@openldap.org > Subject: ldap_bind fails in vpn tunnel > > Hi, > > In a VPN tunnel, using TLS, ldap_search works but the > ldap_bind fails with error :Can't contact LDAP server(-1). > > Can any one help me? I am using the openldap sdk. > > Thanks, > > Sankhadip > You might try putting the LDAP server's name and IPaddress in the hosts file of the client.
-CIs this link helpful to you? http://www.openldap.org/lists/openldap-software/200201/msg00625.html
openldap-technical@openldap.org
-
Christopher Barry -
Shankhadeep Sen