Hi, I'm trying to perform an authenticated LDAP search against a FreeIPA server (Fedora 15, freeipa-server-2.1.0-1.fc15.x86_64).
When I run:

[root@kelvin ~]# ldapsearch -D "uid=guser,cn=users,cn=accounts,dc=example,dc=com" -w 'guserpassword' -b "cn=accounts,dc=example,dc=com" -h kelvin.example.com -v "uid=guser" -ZZ -c -d1

I receive the following error:

ldap_start_tls: Connect error (-11)
	additional info: TLS error -8172:Unknown code ___f 20

Full details shown in attachment.

Can anyone help me figure out what I'm doing wrong?

Thanks,

Dan Scott
http://danieljamesscott.org

[root@kelvin ~]# ldapsearch -D "uid=guser,cn=users,cn=accounts,dc=example,dc=com" -w 'guserpassword' -b "cn=accounts,dc=example,dc=com" -h kelvin.example.com -v "uid=guser" -ZZ -c -d1
ldap_initialize( ldap://kelvin.example.com )
ldap_create
ldap_url_parse_ext(ldap://kelvin.example.com)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP kelvin.example.com:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.100.32:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 31 bytes to sd 3
ldap_result ld 0xb0d280 msgid 1
wait4msg ld 0xb0d280 msgid 1 (infinite timeout)
wait4msg continue ld 0xb0d280 msgid 1 all 1
** ld 0xb0d280 Connections:
* host: kelvin.example.com port: 389 (default)
  refcnt: 2 status: Connected
  last used: Wed Sep 14 14:52:28 2011
** ld 0xb0d280 Outstanding Requests:
 * msgid 1, origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0xb0d280 request count 1 (abandoned 0)
** ld 0xb0d280 Response Queue:
   Empty
  ld 0xb0d280 response count 0
ldap_chkResponseList ld 0xb0d280 msgid 1 all 1
ldap_chkResponseList returns ld 0xb0d280 NULL
ldap_int_select
read1msg: ld 0xb0d280 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 95 contents:
read1msg: ld 0xb0d280 msgid 1 message type extended-result
ber_scanf fmt ({eAA) ber:
read1msg: ld 0xb0d280 0 new referrals
read1msg: mark request completed, ld 0xb0d280 msgid 1
request done: ld 0xb0d280 msgid 1
res_errno: 0, res_error: <Start TLS request accepted.Server willing to negotiate SSL.>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ber_scanf fmt ({eAA) ber:
ber_scanf fmt (a) ber:
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
TLS: certificate [CN=Certificate Authority,O=EXAMPLE.COM] is not valid - error -8172:Unknown code ___f 20.
TLS: error: connect - force handshake failure: errno 21 - moznss error -8172
TLS: can't connect: TLS error -8172:Unknown code ___f 20.
ldap_err2string
ldap_start_tls: Connect error (-11)
	additional info: TLS error -8172:Unknown code ___f 20