Hi All,
my ldapsearch and other things were working perfectly fine but not sure what happened now. Seem some SSL issue. When i am doing ldapsearch i am getting below error.
[root@xxx-xxx-xxx etc]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /usr/local/openldap/dit.ldif -H ldaps://xxx-xxx-xxx.example.com Enter LDAP Password: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Logs error:
TLS trace: SSL_accept:SSLv3 flush data tls_read: want=5 error=Resource temporarily unavailable TLS trace: SSL_accept:error in SSLv3 read client certificate A TLS trace: SSL_accept:error in SSLv3 read client certificate A 531ecbee daemon: activity on 1 descriptor 531ecbee daemon: activity on:531ecbee 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero 531ecbee daemon: activity on 1 descriptor 531ecbee daemon: activity on:531ecbee 11r531ecbee 531ecbee daemon: read active on 11 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero 531ecbee connection_get(11) 531ecbee connection_get(11): got connid=1000 531ecbee connection_read(11): checking for input on id=1000 tls_read: want=5, got=5 0000: 15 03 01 00 02 ..... tls_read: want=2, got=2 0000: 02 30 .0 TLS trace: SSL3 alert read:fatal:unknown CA ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) TLS trace: SSL_accept:failed in SSLv3 read client certificate A TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca. 531ecbee connection_read(11): TLS accept failure error=-1 id=1000, closing 531ecbee connection_closing: readying conn=1000 sd=11 for close 531ecbee connection_close: conn=1000 sd=11 531ecbee daemon: removing 11 531ecbee daemon: activity on 1 descriptor 531ecbee daemon: activity on:531ecbee 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero Please suggest.
Regards Sam
Please help me what could cause this ?
Thanks a ton everyone
Sent from my iPhone
On 11 Mar 2014, at 5:11 pm, saurabh ohri sam_ohri@yahoo.co.in wrote:
Hi All,
my ldapsearch and other things were working perfectly fine but not sure what happened now. Seem some SSL issue. When i am doing ldapsearch i am getting below error.
[root@xxx-xxx-xxx etc]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /usr/local/openldap/dit.ldif -H ldaps://xxx-xxx-xxx.example.com Enter LDAP Password: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Logs error:
TLS trace: SSL_accept:SSLv3 flush data tls_read: want=5 error=Resource temporarily unavailable TLS trace: SSL_accept:error in SSLv3 read client certificate A TLS trace: SSL_accept:error in SSLv3 read client certificate A 531ecbee daemon: activity on 1 descriptor 531ecbee daemon: activity on:531ecbee 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero 531ecbee daemon: activity on 1 descriptor 531ecbee daemon: activity on:531ecbee 11r531ecbee 531ecbee daemon: read active on 11 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero 531ecbee connection_get(11) 531ecbee connection_get(11): got connid=1000 531ecbee connection_read(11): checking for input on id=1000 tls_read: want=5, got=5 0000: 15 03 01 00 02 ..... tls_read: want=2, got=2 0000: 02 30 .0 TLS trace: SSL3 alert read:fatal:unknown CA ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) TLS trace: SSL_accept:failed in SSLv3 read client certificate A TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca. 531ecbee connection_read(11): TLS accept failure error=-1 id=1000, closing 531ecbee connection_closing: readying conn=1000 sd=11 for close 531ecbee connection_close: conn=1000 sd=11 531ecbee daemon: removing 11 531ecbee daemon: activity on 1 descriptor 531ecbee daemon: activity on:531ecbee 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero
Please suggest.
Regards Sam
TLS trace: SSL3 alert read:fatal:unknown CA ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) TLS trace: SSL_accept:failed in SSLv3 read client certificate A TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca. 531ecbee connection_read(11): TLS accept failure error=-1 id=1000, closing
Self descriptive, I think. Your client doesn't know (trust) the root CA under which your server is certified. Therefore it can'n assert it's connecting to the genuine server, and prefers to abort the connection.
2014-03-11 14:23 GMT+01:00 Saurabh Ohri sam_ohri@yahoo.co.in:
Please help me what could cause this ?
Thanks a ton everyone
Sent from my iPhone
On 11 Mar 2014, at 5:11 pm, saurabh ohri sam_ohri@yahoo.co.in wrote:
Hi All,
my ldapsearch and other things were working perfectly fine but not sure what happened now. Seem some SSL issue. When i am doing ldapsearch i am getting below error.
[root@xxx-xxx-xxx etc]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /usr/local/openldap/dit.ldif -H ldaps://xxx-xxx-xxx.example.com Enter LDAP Password: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Logs error:
TLS trace: SSL_accept:SSLv3 flush data tls_read: want=5 error=Resource temporarily unavailable TLS trace: SSL_accept:error in SSLv3 read client certificate A TLS trace: SSL_accept:error in SSLv3 read client certificate A 531ecbee daemon: activity on 1 descriptor 531ecbee daemon: activity on:531ecbee 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero 531ecbee daemon: activity on 1 descriptor 531ecbee daemon: activity on:531ecbee 11r531ecbee 531ecbee daemon: read active on 11 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero 531ecbee connection_get(11) 531ecbee connection_get(11): got connid=1000 531ecbee connection_read(11): checking for input on id=1000 tls_read: want=5, got=5 0000: 15 03 01 00 02 ..... tls_read: want=2, got=2 0000: 02 30 .0 TLS trace: SSL3 alert read:fatal:unknown CA ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) TLS trace: SSL_accept:failed in SSLv3 read client certificate A TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca. 531ecbee connection_read(11): TLS accept failure error=-1 id=1000, closing 531ecbee connection_closing: readying conn=1000 sd=11 for close 531ecbee connection_close: conn=1000 sd=11 531ecbee daemon: removing 11 531ecbee daemon: activity on 1 descriptor 531ecbee daemon: activity on:531ecbee 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero
Please suggest.
Regards Sam
Thanks erwann. But I am running ldap search with rootdn from ldap server only. Configured the certs file path I n config file of ldap.
It was working fine since past 1 week not sure what changes make it stopped working today. Tried reloading the ask certs again and reloaded the config file from slapd.conf but still issue exists.
Please suggest what could have caused this and how to fix it. Thanks again
Regards Sam
Sent from my iPhone
On 11 Mar 2014, at 10:10 pm, Erwann Abalea eabalea@gmail.com wrote:
TLS trace: SSL3 alert read:fatal:unknown CA ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) TLS trace: SSL_accept:failed in SSLv3 read client certificate A TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca. 531ecbee connection_read(11): TLS accept failure error=-1 id=1000, closing
Self descriptive, I think. Your client doesn't know (trust) the root CA under which your server is certified. Therefore it can'n assert it's connecting to the genuine server, and prefers to abort the connection.
2014-03-11 14:23 GMT+01:00 Saurabh Ohri sam_ohri@yahoo.co.in:
Please help me what could cause this ?
Thanks a ton everyone
Sent from my iPhone
On 11 Mar 2014, at 5:11 pm, saurabh ohri sam_ohri@yahoo.co.in wrote:
Hi All,
my ldapsearch and other things were working perfectly fine but not sure what happened now. Seem some SSL issue. When i am doing ldapsearch i am getting below error.
[root@xxx-xxx-xxx etc]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /usr/local/openldap/dit.ldif -H ldaps://xxx-xxx-xxx.example.com Enter LDAP Password: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Logs error:
TLS trace: SSL_accept:SSLv3 flush data tls_read: want=5 error=Resource temporarily unavailable TLS trace: SSL_accept:error in SSLv3 read client certificate A TLS trace: SSL_accept:error in SSLv3 read client certificate A 531ecbee daemon: activity on 1 descriptor 531ecbee daemon: activity on:531ecbee 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero 531ecbee daemon: activity on 1 descriptor 531ecbee daemon: activity on:531ecbee 11r531ecbee 531ecbee daemon: read active on 11 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero 531ecbee connection_get(11) 531ecbee connection_get(11): got connid=1000 531ecbee connection_read(11): checking for input on id=1000 tls_read: want=5, got=5 0000: 15 03 01 00 02 ..... tls_read: want=2, got=2 0000: 02 30 .0 TLS trace: SSL3 alert read:fatal:unknown CA ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) TLS trace: SSL_accept:failed in SSLv3 read client certificate A TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca. 531ecbee connection_read(11): TLS accept failure error=-1 id=1000, closing 531ecbee connection_closing: readying conn=1000 sd=11 for close 531ecbee connection_close: conn=1000 sd=11 531ecbee daemon: removing 11 531ecbee daemon: activity on 1 descriptor 531ecbee daemon: activity on:531ecbee 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero
Please suggest.
Regards Sam
-- Erwann.
Hi,
On Tue, 11 Mar 2014, Saurabh Ohri wrote:
Thanks erwann. But I am running ldap search with rootdn from ldap server only. Configured the certs file path I n config file of ldap.
It was working fine since past 1 week not sure what changes make it stopped working today. Tried reloading the ask certs again and reloaded the config file from slapd.conf but still issue exists.
If a certificate suddenly stops working I usually check if it has expired.
Greetings Christian
Please suggest what could have caused this and how to fix it. Thanks again
openldap-technical@openldap.org
-
Christian Kratzer -
Erwann Abalea -
saurabh ohri -
Saurabh Ohri