Thanks Erwann. But I am running ldap search with rootdn from ldap server only. Configured
the certs file path in the config file of ldap.
It was working fine for the past 1 week; not sure what changes made it stop working today.
Tried reloading the ask certs again and reloaded the config file from slapd.conf, but the
issue still exists.
Please suggest what could have caused this and how to fix it. Thanks again.
Regards
Sam
Sent from my iPhone
On 11 Mar 2014, at 10:10 pm, Erwann Abalea <eabalea(a)gmail.com> wrote:
> TLS trace: SSL3 alert read:fatal:unknown CA
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
> TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca.
> 531ecbee connection_read(11): TLS accept failure error=-1 id=1000, closing
Self-descriptive, I think. Your client doesn't know (trust) the root CA under which
your server is certified. Therefore it can't assert it's connecting to the genuine
server, and prefers to abort the connection.
2014-03-11 14:23 GMT+01:00 Saurabh Ohri <sam_ohri(a)yahoo.co.in>:
> Please help me what could cause this ?
>
> Thanks a ton everyone
>
> Sent from my iPhone
>
>> On 11 Mar 2014, at 5:11 pm, saurabh ohri <sam_ohri(a)yahoo.co.in> wrote:
>>
>> Hi All,
>>
>> My ldapsearch and other things were working perfectly fine, but not sure what
>> happened now. Seems like some SSL issue. When I am doing ldapsearch I am getting the below error.
>>
>> [root@xxx-xxx-xxx etc]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /usr/local/openldap/dit.ldif -H ldaps://xxx-xxx-xxx.example.com
>> Enter LDAP Password:
>> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>>
>> Logs error:
>>
>> TLS trace: SSL_accept:SSLv3 flush data
>> tls_read: want=5 error=Resource temporarily unavailable
>> TLS trace: SSL_accept:error in SSLv3 read client certificate A
>> TLS trace: SSL_accept:error in SSLv3 read client certificate A
>> 531ecbee daemon: activity on 1 descriptor
>> 531ecbee daemon: activity on:531ecbee
>> 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero
>> 531ecbee daemon: activity on 1 descriptor
>> 531ecbee daemon: activity on:531ecbee 11r531ecbee
>> 531ecbee daemon: read active on 11
>> 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero
>> 531ecbee connection_get(11)
>> 531ecbee connection_get(11): got connid=1000
>> 531ecbee connection_read(11): checking for input on id=1000
>> tls_read: want=5, got=5
>> 0000: 15 03 01 00 02 .....
>> tls_read: want=2, got=2
>> 0000: 02 30 .0
>> TLS trace: SSL3 alert read:fatal:unknown CA
>> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>> TLS trace: SSL_accept:failed in SSLv3 read client certificate A
>> TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca.
>> 531ecbee connection_read(11): TLS accept failure error=-1 id=1000, closing
>> 531ecbee connection_closing: readying conn=1000 sd=11 for close
>> 531ecbee connection_close: conn=1000 sd=11
>> 531ecbee daemon: removing 11
>> 531ecbee daemon: activity on 1 descriptor
>> 531ecbee daemon: activity on:531ecbee
>> 531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero
>>
>> Please suggest.
>>
>> Regards
>> Sam
--
Erwann.
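The two hex dumps in Sam's log are the raw TLS alert record that slapd read from the client. This added example (mine, not from the thread or from OpenLDAP) decodes them with the Python standard library and arrives at Erwann's diagnosis from the bytes alone; the sample log lines are copied from the thread above, and the alert and version tables are the RFC 5246 values.

```python
import re
# TLS alert record constants (RFC 5246 section 7.2); descriptions limited to those relevant to certificate handling.
CONTENT_ALERT = 0x15
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
                      45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}
RECORD_VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS1.0", (3, 2): "TLS1.1", (3, 3): "TLS1.2"}
# A slapd debug hex-dump line: optional ">" quoting, 4-digit offset, hex bytes, then an ASCII column.
HEXDUMP = re.compile(r"^\s*(?:>+\s*)?[0-9a-f]{4}:((?:\s+[0-9a-f]{2})+)", re.I)

# Constructed sample: the relevant lines of the slapd log posted in this thread.
SAMPLE_LOG = """\
tls_read: want=5, got=5
0000: 15 03 01 00 02 .....
tls_read: want=2, got=2
0000: 02 30 .0
TLS trace: SSL3 alert read:fatal:unknown CA
TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca.
""".splitlines()

def hexdump_bytes(log_lines):
    """Concatenate the bytes of consecutive tls_read dumps (each dump restarts at offset 0000)."""
    out = bytearray()
    for line in log_lines:
        m = HEXDUMP.match(line)
        if m:
            out.extend(int(b, 16) for b in m.group(1).split())
    return bytes(out)

def parse_alert_record(data):
    """Decode a TLS record header plus body; return the alert fields, or None if not an alert."""
    if len(data) < 5:
        return None
    ctype, major, minor = data[0], data[1], data[2]
    body = data[5:5 + int.from_bytes(data[3:5], "big")]
    if ctype != CONTENT_ALERT or len(body) != 2:
        return None
    level, desc = body
    return {"version": RECORD_VERSIONS.get((major, minor), f"{major}.{minor}"),
            "level": ALERT_LEVELS.get(level, f"level({level})"),
            "description": ALERT_DESCRIPTIONS.get(desc, f"alert({desc})")}

def diagnose(log_lines):
    """Decode the alert in a slapd TLS trace and report which side rejected the handshake."""
    alert = parse_alert_record(hexdump_bytes(log_lines))
    if alert is None:
        return None
    # "SSL3 alert read" means slapd *received* the alert: with unknown_ca, the client did not trust the CA behind the server's certificate.
    alert["sent_by"] = "client" if any("alert read" in l for l in log_lines) else "server"
    return alert
```

On the thread's log this returns a fatal `unknown_ca` alert sent by the client over TLS 1.0, which is why checking the CA file the client (ldap.conf or the ldaprc) trusts, rather than the server's slapd.conf, is the first thing to verify.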