Hi,
Having problems getting my TLS setup working.
Current setup:
Ubuntu 11.10 (3.0.0-16 server)
OpenLDAP 2.4.25
I have been using the instructions at: https://help.ubuntu.com/11.10/serverguide/C/openldap-server.html though to be honest I am relatively new to TLS and using certtool, etc. I have now been copying and pasting the commands given in case my typing is as good as it usually is.
Unencrypted LDAP works fine including syncing with a slave and samba authentication (non-TLS that is!)
It appears to be something to do with the self-signed certificate not being trusted and seems to be a common problem people run into. I have been researching it for a while but at this stage I’m kind of just trying randomly browsed suggestions, with most admittedly geared towards previous OpenLDAP versions and not really assisting with my understanding of the problem in the first place.
I’ll probably give away more information than I should below but at this stage I will just blow everything away and start again once I understand where I’m going wrong anyway.
So when I try:
# gnutls-cli --print-cert -p 636 cabernet.burnet.edu.au
Resolving 'cabernet.burnet.edu.au'...
Connecting to '10.10.0.3:636'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `O=Burnet Institute,CN=cabernet.burnet.edu.au', issuer `CN= cabernet.burnet.edu.au', RSA key 1024 bits, signed using RSA-SHA1, activated `2012-02-23 04:57:57 UTC', expires `2022-02-20 04:57:57 UTC', SHA-1 fingerprint `346ed1e006ce7975afbcaf81d58de886b25953de'
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
- Certificate[1] info:
- subject `CN=cabernet.burnet.edu.au', issuer `CN=cabernet.burnet.edu.au', RSA key 2048 bits, signed using RSA-SHA1, activated `2012-02-23 04:54:42 UTC', expires `2013-02-22 04:54:42 UTC', SHA-1 fingerprint `d666459a5417a25adc7dbbf6f4bad5c6345166ee'
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
- The hostname in the certificate matches 'cabernet.burnet.edu.au'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.2
- Key Exchange: RSA
- Cipher: AES-128-CBC
- MAC: SHA256
- Compression: NULL
- Handshake was completed
******* LDAP search TLS test ******
# ldapsearch -ZZ -d -1
ldap_create
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0x7ff66fe28680 ptr=0x7ff66fe28680 end=0x7ff66fe2869f len=31
0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ber_scanf fmt ({) ber:
ber_dump: buf=0x7ff66fe28680 ptr=0x7ff66fe28685 end=0x7ff66fe2869f len=26
0000: 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e w...1.3.6.1.4.1.
0010: 31 34 36 36 2e 32 30 30 33 37 1466.20037
ber_flush2: 31 bytes to sd 3
0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ldap_write: want=31, written=31
0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ldap_result ld 0x7ff66fe1f160 msgid 1
wait4msg ld 0x7ff66fe1f160 msgid 1 (infinite timeout)
wait4msg continue ld 0x7ff66fe1f160 msgid 1 all 1
** ld 0x7ff66fe1f160 Connections:
* host: localhost port: 389 (default)
refcnt: 2 status: Connected
last used: Thu Feb 23 16:54:28 2012
** ld 0x7ff66fe1f160 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x7ff66fe1f160 request count 1 (abandoned 0)
** ld 0x7ff66fe1f160 Response Queue:
Empty
ld 0x7ff66fe1f160 response count 0
ldap_chkResponseList ld 0x7ff66fe1f160 msgid 1 all 1
ldap_chkResponseList returns ld 0x7ff66fe1f160 NULL
ldap_int_select
read1msg: ld 0x7ff66fe1f160 msgid 1 all 1
ber_get_next
ldap_read: want=8, got=8
0000: 30 0c 02 01 01 78 07 0a 0....x..
ldap_read: want=6, got=6
0000: 01 00 04 00 04 00 ......
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x7ff66fe297e0 ptr=0x7ff66fe297e0 end=0x7ff66fe297ec len=12
0000: 02 01 01 78 07 0a 01 00 04 00 04 00 ...x........
read1msg: ld 0x7ff66fe1f160 msgid 1 message type extended-result
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x7ff66fe297e0 ptr=0x7ff66fe297e3 end=0x7ff66fe297ec len=9
0000: 78 07 0a 01 00 04 00 04 00 x........
read1msg: ld 0x7ff66fe1f160 0 new referrals
read1msg: mark request completed, ld 0x7ff66fe1f160 msgid 1
request done: ld 0x7ff66fe1f160 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ber_scanf fmt ({eAA) ber:
ber_dump: buf=0x7ff66fe297e0 ptr=0x7ff66fe297e3 end=0x7ff66fe297ec len=9
0000: 78 07 0a 01 00 04 00 04 00 x........
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_dump: buf=0x7ff66fe297e0 ptr=0x7ff66fe297e3 end=0x7ff66fe297ec len=9
0000: 78 07 0a 01 00 04 00 04 00 x........
ber_scanf fmt (}) ber:
ber_dump: buf=0x7ff66fe297e0 ptr=0x7ff66fe297ec end=0x7ff66fe297ec len=0
ldap_msgfree
tls_write: want=126, written=126
0000: 16 03 03 00 79 01 00 00 75 03 03 4f 45 d4 94 f1 ....y...u..OE...
0010: 7c 3e 41 05 6a 43 c7 96 05 77 9d f3 83 22 c7 c5 |>A.jC...w..."..
0020: d8 b0 06 7c 6f fe 70 b6 b4 fa 78 00 00 30 00 67 ...|o.p...x..0.g
0030: 00 33 00 45 00 6b 00 39 00 88 00 16 00 40 00 32 .3.E.k.9.....@.2
0040: 00 44 00 6a 00 38 00 87 00 13 00 66 00 3c 00 2f .D.j.8.....f.<./
0050: 00 41 00 3d 00 35 00 84 00 0a 00 05 00 04 01 00 .A.=.5..........
0060: 00 1c 00 09 00 03 02 00 01 ff 01 00 01 00 00 0d ................
0070: 00 0c 00 0a 02 01 02 02 04 01 05 01 06 01 ..............
tls_read: want=5, got=5
0000: 16 03 03 00 51 ....Q
tls_read: want=81, got=81
0000: 02 00 00 4d 03 03 4f 45 d4 94 9e 56 0b 56 c2 c1 ...M..OE...V.V..
0010: 6b 05 2b 45 e1 bd 0b 64 32 58 b7 0e 12 ad e2 99 k.+E...d2X......
0020: bd 8e de c7 97 c5 20 0d ab 14 f0 0b 42 44 47 20 ...... .....BDG
0030: 95 67 22 45 74 ab 50 51 9f a8 b8 f1 d4 14 73 2e .g"Et.PQ......s.
0040: 9f 0d 61 6d 4d d1 a7 00 3c 00 00 05 ff 01 00 01 ..amM...<.......
0050: 00 .
tls_read: want=5, got=5
0000: 16 03 03 05 e5 .....
tls_read: want=1509, got=1509
0000: 0b 00 05 e1 00 05 de 00 02 d1 30 82 02 cd 30 82 ..........0...0.
0010: 01 b5 a0 03 02 01 02 02 04 4f 45 c7 55 30 0d 06 .........OE.U0..
0020: 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 21 31 1f .*.H........0!1.
0030: 30 1d 06 03 55 04 03 13 16 63 61 62 65 72 6e 65 0...U....caberne
0040: 74 2e 62 75 72 6e 65 74 2e 65 64 75 2e 61 75 30 t.burnet.edu.au0
0050: 1e 17 0d 31 32 30 32 32 33 30 34 35 37 35 37 5a ...120223045757Z
0060: 17 0d 32 32 30 32 32 30 30 34 35 37 35 37 5a 30 ..220220045757Z0
0070: 3c 31 19 30 17 06 03 55 04 0a 13 10 42 75 72 6e <1.0...U....Burn
0080: 65 74 20 49 6e 73 74 69 74 75 74 65 31 1f 30 1d et Institute1.0.
0090: 06 03 55 04 03 13 16 63 61 62 65 72 6e 65 74 2e ..U....cabernet.
00a0: 62 75 72 6e 65 74 2e 65 64 75 2e 61 75 30 81 9f burnet.edu.au0..
00b0: 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 0...*.H.........
00c0: 81 8d 00 30 81 89 02 81 81 00 c3 0c 30 97 d6 8d ...0........0...
00d0: ca 20 2c 02 4b 6c 61 b5 a1 4b a7 8f 30 e2 1c 13 . ,.Kla..K..0...
00e0: 7a 52 b7 4b 53 e0 11 b7 09 4b b6 db f1 11 f6 25 zR.KS....K.....%
00f0: 7d 35 36 76 26 53 e2 76 e1 eb 4e ae cd 06 9e 8f }56v&S.v..N.....
0100: 08 2c fd 8e 91 fe 93 d2 d9 70 cc 1b 1f ed dd d4 .,.......p......
0110: 75 ca ee da ca 33 e2 59 a3 8a 16 1d 6d 3c 23 2e u....3.Y....m<#.
0120: c5 b1 6f b3 23 11 d5 85 bc 2b d8 fd 6a c4 6e c5 ..o.#....+..j.n.
0130: ad 23 89 d2 97 21 62 05 4c 91 9e 94 a8 c2 4a 7c .#...!b.L.....J|
0140: a5 e5 6d dc 1d b7 6f 03 a8 a7 02 03 01 00 01 a3 ..m...o.........
0150: 76 30 74 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 v0t0...U.......0
0160: 00 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 .0...U.%..0...+.
0170: 01 05 05 07 03 01 30 0f 06 03 55 1d 0f 01 01 ff ......0...U.....
0180: 04 05 03 03 07 a0 00 30 1d 06 03 55 1d 0e 04 16 .......0...U....
0190: 04 14 f7 06 47 af 4e 98 66 8f 87 5d f8 3e 8d 6f ....G.N.f..].>.o
01a0: 04 52 41 67 65 3b 30 1f 06 03 55 1d 23 04 18 30 .RAge;0...U.#..0
01b0: 16 80 14 9e 4d 67 0c 77 e2 ae 73 1d cb c9 9c 30 ....Mg.w..s....0
01c0: 9a 55 42 a9 fe 10 87 30 0d 06 09 2a 86 48 86 f7 .UB....0...*.H..
01d0: 0d 01 01 05 05 00 03 82 01 01 00 39 16 65 f8 1e ...........9.e..
01e0: d7 67 ee f2 81 75 8a 70 0a 61 de 97 f0 22 69 b5 .g...u.p.a..."i.
01f0: 49 eb c9 aa 6b 43 9f 33 73 dd 75 bb ce 6f fc 30 I...kC.3s.u..o.0
0200: a0 6d 56 36 6c bd 2e e5 f3 fa 71 a4 60 d3 86 ea .mV6l.....q.`...
0210: 29 e5 1b d0 31 96 3b 47 08 92 48 21 68 ed 08 25 )...1.;G..H!h..%
0220: 9c cf a4 1a a0 2e a8 82 01 3c 28 90 48 d3 f7 73 .........<(.H..s
0230: 10 41 09 c8 d4 0b cf 0c ce 6d f8 fa 22 19 23 3b .A.......m..".#;
0240: da 6e 31 c7 0f ef fb 6c 3d b1 49 de 69 48 9c 47 .n1....l=.I.iH.G
0250: eb 3b f2 55 b6 5c 13 01 e0 56 d2 ba 80 14 37 af .;.U.\...V....7.
0260: 57 cc 16 b8 02 ea 08 2e db 5a 52 f8 9f 25 54 2b W........ZR..%T+
0270: d3 1b 88 2f 47 1f 15 21 51 bc 06 eb 1d 94 c6 ed .../G..!Q.......
0280: 88 e3 b3 f8 c6 3d 5e b0 c8 7e 34 34 bf 21 3a cb .....=^..~44.!:.
0290: e9 58 cb f4 9d 14 e7 14 0a 67 dd fa f1 fa 69 3f .X.......g....i?
02a0: f2 97 8b 0c 54 c5 17 5c 6a 3a 06 b2 24 3c b0 73 ....T..\j:..$<.s
02b0: 52 32 73 5c 90 32 7c ca b4 aa 24 4a 6b 1a 8b 5e R2s\.2|...$Jk..^
02c0: 5a 00 bc 0b 2e ff bb 8f db 99 5d ac 86 e3 b0 71 Z.........]....q
02d0: 01 49 f4 d1 d1 df 7c e0 13 16 a3 00 03 07 30 82 .I....|.......0.
02e0: 03 03 30 82 01 eb a0 03 02 01 02 02 04 4f 45 c6 ..0..........OE.
02f0: 92 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 .0...*.H........
0300: 30 21 31 1f 30 1d 06 03 55 04 03 13 16 63 61 62 0!1.0...U....cab
0310: 65 72 6e 65 74 2e 62 75 72 6e 65 74 2e 65 64 75 ernet.burnet.edu
0320: 2e 61 75 30 1e 17 0d 31 32 30 32 32 33 30 34 35 .au0...120223045
0330: 34 34 32 5a 17 0d 31 33 30 32 32 32 30 34 35 34 442Z..1302220454
0340: 34 32 5a 30 21 31 1f 30 1d 06 03 55 04 03 13 16 42Z0!1.0...U....
0350: 63 61 62 65 72 6e 65 74 2e 62 75 72 6e 65 74 2e cabernet.burnet.
0360: 65 64 75 2e 61 75 30 82 01 22 30 0d 06 09 2a 86 edu.au0.."0...*.
0370: 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 H.............0.
0380: 01 0a 02 82 01 01 00 f4 96 e0 b4 5c fc 2d 2e f4 ...........\.-..
0390: 37 30 03 bb 70 c9 99 ca 25 b9 46 90 cb 75 99 19 70..p...%.F..u..
03a0: a8 c9 95 27 52 ee b4 6d 29 99 07 9b a5 7f 52 15 ...'R..m).....R.
03b0: 20 25 a0 d9 17 6f f6 67 c6 a0 1e 33 9a 2c 4b 24  %...o.g...3.,K$
03c0: 83 60 e9 33 e2 1d 7a 42 c3 b6 9d d8 28 bd 85 4c .`.3..zB....(..L
03d0: 77 d0 11 69 cb 81 f4 a8 e1 25 57 56 4f 9c 0f e1 w..i.....%WVO...
03e0: 8b 67 cd 80 53 83 07 b4 d2 32 e5 7e 12 83 4f a2 .g..S....2.~..O.
03f0: cc 56 92 e7 e1 60 7d 26 7d a5 b2 7c 81 47 66 57 .V...`}&}..|.GfW
0400: c9 50 fb 45 d8 b8 35 53 89 f2 0e 35 4a ab 84 0d .P.E..5S...5J...
0410: c8 53 3f 1f 38 64 dc cf e4 4a 54 b0 48 84 1b c3 .S?.8d...JT.H...
0420: 66 f8 53 a4 1a a6 b5 5c df 54 4a 50 fb 29 f6 2e f.S....\.TJP.)..
0430: 38 93 ed 9e 03 94 8c 5c 66 9f 08 6c af 1f fd e9 8......\f..l....
0440: a6 b9 d6 8a 5e 2d f9 29 eb e0 80 6b bf ec 3a dd ....^-.)...k..:.
0450: 3e 48 a7 b2 53 d5 2f ff 7d 23 78 f3 ed 04 bf 04 >H..S./.}#x.....
0460: c9 6d 9a 74 fb c3 28 1c 76 c5 7a eb 49 0a 1e 8e .m.t..(.v.z.I...
0470: 9b 08 ff f3 e1 f6 b0 aa 9f b5 75 6a 32 09 6a 6e ..........uj2.jn
0480: fd 96 58 c2 15 fd 5d 02 03 01 00 01 a3 43 30 41 ..X...]......C0A
0490: 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 0...U.......0...
04a0: ff 30 0f 06 03 55 1d 0f 01 01 ff 04 05 03 03 07 .0...U..........
04b0: 04 00 30 1d 06 03 55 1d 0e 04 16 04 14 9e 4d 67 ..0...U.......Mg
04c0: 0c 77 e2 ae 73 1d cb c9 9c 30 9a 55 42 a9 fe 10 .w..s....0.UB...
04d0: 87 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 .0...*.H........
04e0: 03 82 01 01 00 88 53 73 a9 3d 82 f2 01 70 b1 21 ......Ss.=...p.!
04f0: 80 d4 e2 77 d3 26 4f 55 16 a3 bd 98 32 25 2e 32 ...w.&OU....2%.2
0500: e2 d7 71 3b 37 d0 b5 22 b2 d6 c6 70 09 f1 52 6f ..q;7.."...p..Ro
0510: cc fc 12 3b a3 ef 95 a1 2c 5b c9 fb c5 15 7e 99 ...;....,[....~.
0520: a6 07 04 ff a3 cd c1 6c 20 e8 23 a7 9a ca dd 25 .......l .#....%
0530: 06 a7 84 19 c1 1c 88 eb 4a b2 b7 6c f9 06 bc ae ........J..l....
0540: 1c b0 55 d5 dc 3b e7 1d 13 94 a0 8e d7 4b 0e c5 ..U..;.......K..
0550: 47 59 7a 7d 92 b6 32 ed c0 cc d8 5b 61 89 dc 33 GYz}..2....[a..3
0560: f9 37 62 7e 03 16 8c 43 08 f0 cf f3 3b ee 75 71 .7b~...C....;.uq
0570: e1 91 3e 97 ce 8e 59 85 b1 11 56 d9 a4 29 60 93 ..>...Y...V..)`.
0580: ff 31 a4 04 93 13 76 52 03 7e 2b 83 97 1c 9a 3b .1....vR.~+....;
0590: 97 f3 5c 2d 5b be 7b 7e 09 29 e4 5d fe 5e f1 7f ..\-[.{~.).].^..
05a0: 19 e3 7c cc 6f a0 f5 e6 c7 30 8d 39 57 7c 44 0b ..|.o....0.9W|D.
05b0: 16 77 73 1c 38 be 28 b1 36 39 3b 9b 10 62 7b b9 .ws.8.(.69;..b{.
05c0: fc bd ca 6f 2a 9e 6a bf 3c ad e5 45 7c 9c 2f 60 ...o*.j.<..E|./`
05d0: 0a 7f 51 7c bf a3 35 5c 79 b5 e8 e4 cf a9 74 da ..Q|..5\y.....t.
05e0: 72 7a f2 c0 da rz...
tls_read: want=5, got=5
0000: 16 03 03 00 04 .....
tls_read: want=4, got=4
0000: 0e 00 00 00 ....
tls_write: want=139, written=139
0000: 16 03 03 00 86 10 00 00 82 00 80 27 8b cb 55 4b ...........'..UK
0010: 5e 9f 1c 8f e0 f6 40 3f b8 2e c7 39 58 54 2a a5 ^.....@?...9XT*.
0020: c7 02 a3 07 b4 20 e0 b4 cd 04 c9 de 4e 43 71 ef ..... ......NCq.
0030: e2 f4 1e ae f0 f4 fb 97 cb 5f e2 d9 58 28 f3 e4 ........._..X(..
0040: 98 ee 1f 75 7f b9 50 e0 79 7a 85 1a 45 99 7c a2 ...u..P.yz..E.|.
0050: 9f d4 d6 02 21 b8 b8 e5 0b 00 d4 87 36 8f 16 d2 ....!.......6...
0060: f1 92 fb 6e 34 06 a9 eb 2b 07 6d be 5e 6a 8f 13 ...n4...+.m.^j..
0070: d2 1a b5 76 51 65 b4 bb c9 54 da 9c b8 eb 22 1c ...vQe...T....".
0080: 24 b0 7e 4c a6 d8 9c 3e 1d ec 97 $.~L...>...
tls_write: want=6, written=6
0000: 14 03 03 00 01 01 ......
tls_write: want=149, written=149
0000: 16 03 03 00 90 42 db 5e 66 fe 67 8d 28 5c 2b 4e .....B.^f.g.(\+N
0010: 30 83 de f3 e5 9b 72 1c ad 0a 47 fc bb e5 00 86 0.....r...G.....
0020: 15 38 99 7e 65 32 7a 83 dd d3 38 da 1f 02 19 90 .8.~e2z...8.....
0030: ce 52 04 ca 19 f9 23 64 eb 95 32 f7 99 1a e6 70 .R....#d..2....p
0040: 87 91 8d fd de 91 99 34 15 24 95 dc 9b 18 6e 2c .......4.$....n,
0050: d0 61 08 5f 8a d6 67 ef 07 0d ac f7 97 f0 ee ec .a._..g.........
0060: 06 c5 34 27 55 af 0e c2 41 df df 5f 2a 3f 70 e7 ..4'U...A.._*?p.
0070: 6a 15 e8 d2 b3 30 8e d2 b7 02 1d 41 87 c0 3c 09 j....0.....A..<.
0080: 2c 3e 74 aa 10 b1 5a 89 22 73 16 ff c4 99 0b d4 ,>t...Z."s......
0090: c8 30 5f 78 3a .0_x:
tls_read: want=5, got=5
0000: 14 03 03 00 01 .....
tls_read: want=1, got=1
0000: 01 .
tls_read: want=5, got=5
0000: 16 03 03 01 20 ....
tls_read: want=288, got=288
0000: 25 02 9a a1 d7 69 40 00 ba 2b 75 2c 4e 7b 82 21 %....i@..+u,N{.!
0010: f9 0d 2e 55 1b 3f 34 c9 5e 59 43 7f 6c d2 c2 52 ...U.?4.^YC.l..R
0020: 5d bf 44 e9 93 65 33 bc a8 9b f8 b7 d3 f2 f6 15 ].D..e3.........
0030: b1 e9 58 3a 16 c3 22 f9 9b 0c ff 4f 19 d0 cc f9 ..X:.."....O....
0040: cd 2d 76 15 48 20 57 c5 c0 6b cd 2c 4a 5b b1 9d .-v.H W..k.,J[..
0050: 1b d3 9b bf 16 c4 36 ee ca 2e af 23 7c b7 e7 e1 ......6....#|...
0060: f9 bf 46 b6 06 12 fe fe ab 3d 34 5e c7 9c 4a 52 ..F......=4^..JR
0070: 99 70 70 0f d1 8d fd 55 bb f9 f5 2b 56 dc 5b 00 .pp....U...+V.[.
0080: f2 75 f3 74 89 65 91 a5 5f 70 09 5b 09 c0 e8 48 .u.t.e.._p.[...H
0090: 4a db f6 15 14 4a 41 fe 14 09 73 cf fa 5b 1c 7c J....JA...s..[.|
00a0: 68 82 fd 1d da 49 2d 12 83 b0 67 15 56 7c f8 ee h....I-...g.V|..
00b0: 75 08 7a 3d 1a a6 87 aa bc 7d ff b4 71 43 93 8c u.z=.....}..qC..
00c0: b4 c6 3e a0 5b 3b 10 e9 16 62 b0 dc cb a8 08 77 ..>.[;...b.....w
00d0: d0 51 31 ed 8b 05 62 1f 3f a1 9d 45 ff d8 3f ba .Q1...b.?..E..?.
00e0: ae a1 d6 ac 29 e6 f8 75 87 33 8e a7 19 9f 69 ec ....)..u.3....i.
00f0: fd d5 49 20 4e 09 aa 3d da c4 50 a5 0d 50 0b f9 ..I N..=..P..P..
0100: c1 2a b9 bd 71 6a 5a 6e e7 01 0c df 1c 44 33 34 .*..qjZn.....D34
0110: 6e ac e6 db 1a 7d ef 10 5e 68 d3 4b cc 56 59 01 n....}..^h.K.VY.
TLS: peer cert untrusted or revoked (0x42)
TLS: can't connect: (unknown error code).
ldap_err2string
ldap_start_tls: Connect error (-11)
additional info: (unknown error code)
I also get quite a few of these errors in the syslog, though they don’t appear to coincide with my manual connection attempts:
Feb 23 16:20:41 cabernet slapd[9024]: connection_read(25): no connection!
Feb 23 16:20:41 cabernet slapd[9024]: <= bdb_equality_candidates: (objectClass) not indexed
Please let me know if there is anything else you want, and thanks in advance for any suggestions.
Cheers
Paul
--On Thursday, February 23, 2012 5:07 PM +1100 Paul Stephens pauls@burnet.edu.au wrote:
Hi,
Having problems getting my TLS setup working.
Current setup:
Ubuntu 11.10 (3.0.0-16 server)
A few things:
a) Ubuntu uses GnuTLS instead of the safe, secure, and sane OpenSSL. This leads to all sorts of issues when using SSL/TLS on Ubuntu. I would advise rebuilding OpenLDAP linked to OpenSSL.
b) You're using a significantly old version of OpenLDAP (unrelated, but worth being aware of). I would advise building your own OpenLDAP build against a current release.
c) You fail to state the information particularly necessary, regardless of the above, which is to note what your TLS settings in slapd are.
I would note that if you are using a self-signed certificate, it still needs a self-created CA that is known by the LDAP server, via the TLSCA settings in the configuration.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
Paul Stephens wrote:
Hi,
Having problems getting my TLS setup working.
Current setup:
Ubuntu 11.10 (3.0.0-16 server)
OpenLDAP 2.4.25
I have been using the instructions at: https://help.ubuntu.com/11.10/serverguide/C/openldap-server.html though to be honest I am relatively new to TLS and using certtool, etc. I have now been copying and pasting the commands given in case my typing is as good as it usually is.
Unencrypted LDAP works fine including syncing with a slave and samba authentication (non-TLS that is!)
It appears to be something to do with the self-signed certificate not being trusted and seems to be a common problem people run into. I have been researching it for a while but at this stage I’m kind of just trying randomly browsed suggestions, with most admittedly geared towards previous OpenLDAP versions and not really assisting with my understanding of the problem in the first place.
You should read the OpenLDAP Admin Guide.
http://www.openldap.org/doc/admin24/tls.html
The Ubuntu doc you read is not wrong, but it only told you how to configure the server. (Obviously, since it's labelled a "serverguide"). You also need to do some client side configuration. The OpenLDAP Admin Guide chapter on TLS tells you how to do both.
TLS: peer cert untrusted or revoked (0x42)
TLS: can't connect: (unknown error code).
ldap_err2string
ldap_start_tls: Connect error (-11)
additional info: (unknown error code)
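As an added example (not code from the thread, from Paul, or from the OpenLDAP project), here is a small Python script that parses the per-certificate summary lines that gnutls-cli --print-cert emits, in the format shown in Paul's output, and turns them into the diagnosis the two replies give: it checks that each certificate in the list was issued by the next one, flags the self-signed certificate at the end of the chain as a private CA that the client has to trust explicitly, and maps "issuer is unknown" / "NOT trusted" to a missing trust anchor on the client side. The SAMPLE text is a constructed copy of the summary lines from the thread (PEM bodies dropped); the line format and the field names are assumed from that output, and the 2048-bit threshold for the key-size warning is the script's own choice.

```python
"""Parse `gnutls-cli --print-cert` output and explain a trust failure.

Added example for the openldap-technical thread above; not part of the
original post. Reads the "- subject `...', issuer `...', ..." summary
lines and reports chain linkage, the self-signed root, expiry, weak key
sizes and the reason verification failed.
"""
import re
import sys
from datetime import datetime, timezone

# Constructed sample: the summary lines from the thread's gnutls-cli run,
# with the PEM bodies left out (the parser ignores them anyway).
SAMPLE = """\
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `O=Burnet Institute,CN=cabernet.burnet.edu.au', issuer `CN= cabernet.burnet.edu.au', RSA key 1024 bits, signed using RSA-SHA1, activated `2012-02-23 04:57:57 UTC', expires `2022-02-20 04:57:57 UTC', SHA-1 fingerprint `346ed1e006ce7975afbcaf81d58de886b25953de'
- Certificate[1] info:
- subject `CN=cabernet.burnet.edu.au', issuer `CN=cabernet.burnet.edu.au', RSA key 2048 bits, signed using RSA-SHA1, activated `2012-02-23 04:54:42 UTC', expires `2013-02-22 04:54:42 UTC', SHA-1 fingerprint `d666459a5417a25adc7dbbf6f4bad5c6345166ee'
- The hostname in the certificate matches 'cabernet.burnet.edu.au'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
"""

# One summary line per certificate, as printed by gnutls-cli --print-cert.
INFO_RE = re.compile(
    r"subject `(?P<subject>[^']*)', issuer `(?P<issuer>[^']*)', "
    r"(?P<alg>\w+) key (?P<bits>\d+) bits, signed using (?P<sig>[\w-]+), "
    r"activated `(?P<activated>[^']*)', expires `(?P<expires>[^']*)', "
    r"SHA-1 fingerprint `(?P<fp>[0-9a-f]+)'"
)
TS_FMT = "%Y-%m-%d %H:%M:%S UTC"


def parse_ts(s):
    """Parse a gnutls-cli timestamp such as '2012-02-23 04:57:57 UTC'."""
    return datetime.strptime(s, TS_FMT).replace(tzinfo=timezone.utc)


def norm_dn(dn):
    """Canonicalise a DN string so cosmetic whitespace does not break
    issuer/subject matching (the thread's output has `CN= cabernet...`)."""
    parts = [p.strip() for p in dn.split(",")]
    return ",".join("=".join(x.strip() for x in p.split("=", 1)) for p in parts)


def parse_chain(text):
    """Return (certificates in the order the server sent them, trusted flag)."""
    certs = []
    for m in INFO_RE.finditer(text):
        c = m.groupdict()
        c["bits"] = int(c["bits"])
        certs.append(c)
    trusted = "Peer's certificate is NOT trusted" not in text
    return certs, trusted


def diagnose(text, now=None):
    """Return a list of findings; `now` is an optional timestamp in TS_FMT."""
    now_dt = parse_ts(now) if now else datetime.now(timezone.utc)
    certs, trusted = parse_chain(text)
    findings = []
    if not certs:
        return ["no certificate summary lines found"]
    # Each certificate should be issued by the one that follows it.
    for i in range(len(certs) - 1):
        if norm_dn(certs[i]["issuer"]) == norm_dn(certs[i + 1]["subject"]):
            findings.append(f"cert[{i}] is issued by cert[{i + 1}]")
        else:
            findings.append(f"cert[{i}] issuer does not match cert[{i + 1}] subject: chain is broken")
    last = certs[-1]
    if norm_dn(last["issuer"]) == norm_dn(last["subject"]):
        findings.append(f"cert[{len(certs) - 1}] is self-signed (private CA): the client must trust it explicitly")
    for i, c in enumerate(certs):
        if parse_ts(c["expires"]) < now_dt:
            findings.append(f"cert[{i}] expired {c['expires']}")
        if c["alg"] == "RSA" and c["bits"] < 2048:
            findings.append(f"cert[{i}] uses a {c['bits']}-bit RSA key; 2048 bits is the usual minimum")
    if not trusted:
        if "issuer is unknown" in text:
            findings.append("NOT trusted because the issuer is unknown: the CA certificate is not in the "
                            "client's trust store (TLS_CACERT in ldap.conf, or --x509cafile for gnutls-cli)")
        else:
            findings.append("NOT trusted for a reason other than an unknown issuer; check the expiry and hostname lines")
    return findings


if __name__ == "__main__":
    # Usage: gnutls-cli --print-cert -p 636 host | python3 chain_check.py
    # With no piped input the constructed SAMPLE from the thread is analysed.
    src = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for line in diagnose(src):
        print("*", line)
```

Run against the thread's output the script reports that cert[0] is issued by cert[1], that cert[1] is self-signed, and that the failure is an unknown issuer, which is exactly the situation the replies describe: the server hands out its CA certificate in the chain, but the client side of libldap (GnuTLS here) has no trust anchor for it until the CA file is configured on the client, for example via TLS_CACERT in /etc/ldap/ldap.conf or ~/.ldaprc.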