I have an OpenLDAP 2.3 server that is up and running. I have been trying to add SSL and TLS. SSL connections on port 636 work fine. However, the TLS connection on 389 is not working. The only errors are "TLS accept failure" and "TLS negotiation failure." I've not been able to dig up any more information, even using the -d option, and I notice that people have posted log files with detailed TLS trace messages. How can I enable the TLS logging to find out what's going on? Thanks.
--On Tuesday, October 21, 2008 4:05 PM -0400 Kyle Barger kbarger@ltsp.edu wrote:
> I have an OpenLDAP 2.3 server that is up and running. I have been trying to add SSL and TLS. SSL connections on port 636 work fine. However, the TLS connection on 389 is not working. The only errors are "TLS accept failure" and "TLS negotiation failure." I've not been able to dig up any more information, even using the -d option, and I notice that people have posted log files with detailed TLS trace messages. How can I enable the TLS logging to find out what's going on? Thanks.
You can't do SSL over port 389, you need to do startTLS instead. You don't say how you are testing these connections, but if you are using ldapsearch, look at the "-Z[ZZ]" option(s).
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
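The distinction drawn in the reply above, shown at the wire level as an added example (not part of the original thread): on port 636 a client opens with a TLS handshake record, while on port 389 it first sends a cleartext LDAP StartTLS extended request and only then negotiates TLS. The function names and the sample byte strings are constructed for illustration.

```python
# Added example: what a client sends first with ldaps:// versus StartTLS.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation OID (RFC 4511)

def ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def starttls_request(message_id=1):
    """LDAPMessage { messageID, ExtendedRequest { requestName = StartTLS OID } }."""
    mid = message_id.to_bytes(message_id.bit_length() // 8 + 1, "big")
    ext = tlv(0x77, tlv(0x80, STARTTLS_OID))  # [APPLICATION 23], [0] requestName
    return tlv(0x30, tlv(0x02, mid) + ext)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one BER element; ValueError if truncated."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def classify(first_bytes):
    """Classify the first bytes a client sends to an LDAP listener."""
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls-handshake"  # TLS record header: expected on 636, not on 389
    try:
        tag, msg, _ = read_tlv(first_bytes)
        if tag != 0x30:
            return "unknown"
        id_tag, _, p = read_tlv(msg)       # messageID
        op_tag, op, _ = read_tlv(msg, p)   # protocolOp
        if id_tag == 0x02 and op_tag == 0x77:
            name_tag, name, _ = read_tlv(op)
            if name_tag == 0x80 and name == STARTTLS_OID:
                return "ldap-starttls"
        return "ldap-cleartext"
    except ValueError:
        return "unknown"
```

Running `classify` over the first bytes of a packet capture on port 389 shows whether the client actually issued StartTLS (as `ldapsearch -Z` or `-ZZ` does) before the TLS handshake.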