Hello,

I've been trying for days now to get OpenLDAP with TLS support to work. This is a part of my slapd.conf:

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/lib/slapd.pid
argsfile /var/lib/slapd.args

loglevel 1024

# TLS options for slapd
TLSCipherSuite HIGH
TLSCertificateFile /etc/ssl/slapd-cert.pem
TLSCertificateKeyFile /etc/ssl/slapd-key.pem
TLSCACertificateFile /ect/ssl/demoCA/cacert.pem

This is my ldap.conf (comments stripped):

# @(#)$Id: ldap.conf,v 2.32 2002/11/15 05:01:16 lukeh Exp $
#
# This is the configuration file for the LDAP nameservice
# switch library and the LDAP PAM module.
#
# PADL Software
# http://www.padl.com
#
host 127.0.0.1
base dc=ilimburg,dc=nl
uri ldap://127.0.0.1/
uri ldaps://127.0.0.1/
port 389
scope sub
timelimit 30
pam_groupdn cn=ldap,ou=Hosts,dc=ilimburg,dc=nl
pam_member_attribute member
ssl start_tls

When I try to start slapd, this happens:

ldap ssl # /usr/lib/openldap/slapd -d 1
@(#) $OpenLDAP: slapd 2.0.27-Release (Mon Jun 16 17:48:28 CEST 2003) $
        [EMAIL PROTECTED]:/var/tmp/portage/openldap-2.0.27/work/openldap-2.0.27/servers/slapd
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: initialized ldap:///
daemon_init: 1 listeners opened
slapd init: initiated server.
TLS: could not load verify locations (file:`/ect/ssl/demoCA/cacert.pem',dir:`').
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:104
TLS: error:2006D002:BIO routines:BIO_new_file:system lib bss_file.c:106
TLS: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib by_file.c:274
main: TLS init def ctx failed: 0
slapd shutdown: freeing system resources.
slapd stopped.
connections_destroy: nothing to destroy.

When I remove the 'TLSCACertificateFile /ect/ssl/demoCA/cacert.pem' line from my config, slapd will start, but when I try to connect with ssh to the host, this happens:

ldap ssl # /usr/lib/openldap/slapd -d 1
@(#) $OpenLDAP: slapd 2.0.27-Release (Mon Jun 16 17:48:28 CEST 2003) $
        [EMAIL PROTECTED]:/var/tmp/portage/openldap-2.0.27/work/openldap-2.0.27/servers/slapd
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: initialized ldap:///
daemon_init: 1 listeners opened
slapd init: initiated server.
slapd startup: initiated.
slapd starting
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({a) ber:
send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 9 failed errno=0 (Success)
connection_read(9): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=9 for close
connection_close: deferring conn=0 sd=9
do_unbind
connection_resched: attempting closing conn=0 sd=9
connection_close: conn=0 sd=9
TLS trace: SSL3 alert write:warning:close notify
connection_get(9): got connid=1
connection_read(9): checking for input on id=1
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({a) ber:
send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 9
connection_get(9): got connid=1
connection_read(9): checking for input on id=1
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(9): got connid=1
connection_read(9): checking for input on id=1
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_get(10): got connid=2
connection_read(10): checking for input on id=2
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({a) ber:
send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 10
connection_get(10): got connid=2
connection_read(10): checking for input on id=2
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(10): got connid=2
connection_read(10): checking for input on id=2
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_get(10): got connid=2
connection_read(10): checking for input on id=2
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
do_unbind
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 10 failed errno=0 (Success)
connection_read(10): input error=-2 id=2, closing.
connection_closing: readying conn=2 sd=10 for close
connection_close: deferring conn=2 sd=10
connection_resched: reaquiring locks conn=2 sd=10
connection_resched: attempting closing conn=2 sd=10
connection_close: conn=2 sd=10
TLS trace: SSL3 alert write:warning:close notify
connection_get(11): got connid=3
connection_read(11): checking for input on id=3
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
do_extended
ber_scanf fmt ({a) ber:
ber_get_next
ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 11
connection_get(11): got connid=3
connection_read(11): checking for input on id=3
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_get(11): got connid=3
connection_read(11): checking for input on id=3
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
do_unbind
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 11 failed errno=0 (Success)
connection_read(11): input error=-2 id=3, closing.
connection_closing: readying conn=3 sd=11 for close
connection_close: deferring conn=3 sd=11
connection_resched: reaquiring locks conn=3 sd=11
connection_resched: attempting closing conn=3 sd=11
connection_close: conn=3 sd=11
TLS trace: SSL3 alert write:warning:close notify
connection_get(9): got connid=1
connection_read(9): checking for input on id=1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({iat) ber:
ber_scanf fmt (o}) ber:
do_bind: version=3 dn="" method=128
send_ldap_result: conn=1 op=1 p=3
send_ldap_response: msgid=2 tag=97 err=0
ber_flush: 14 bytes to sd 9
do_bind: v3 anonymous bind
connection_get(9): got connid=1
connection_read(9): checking for input on id=1
ber_get_next
ber_get_next: tag 0x30 len 53 contents:
do_search
ber_scanf fmt ({aiiiib) ber:
ber_scanf fmt ({oo}) ber:
ber_scanf fmt ({v}}) ber:
send_ldap_result: conn=1 op=2 p=3
send_ldap_response: msgid=3 tag=101 err=32
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
ber_flush: 14 bytes to sd 9
connection_get(10): got connid=4
connection_read(10): checking for input on id=4
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
ber_get_next on fd 10 failed errno=11 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({a) ber:
send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 10
connection_get(10): got connid=4
connection_read(10): checking for input on id=4
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(10): got connid=4
connection_read(10): checking for input on id=4
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_get(10): got connid=4
connection_read(10): checking for input on id=4
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 10 failed errno=0 (Success)
connection_read(10): input error=-2 id=4, closing.
connection_closing: readying conn=4 sd=10 for close
connection_close: deferring conn=4 sd=10
do_unbind
connection_resched: attempting closing conn=4 sd=10
connection_close: conn=4 sd=10
TLS trace: SSL3 alert write:warning:close notify
connection_get(11): got connid=5
connection_read(11): checking for input on id=5
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
ber_get_next
ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
do_extended
ber_scanf fmt ({a) ber:
send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 11
connection_get(11): got connid=5
connection_read(11): checking for input on id=5
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(11): got connid=5
connection_read(11): checking for input on id=5
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
connection_get(11): got connid=5
connection_read(11): checking for input on id=5
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 11 failed errno=0 (Success)
connection_read(11): input error=-2 id=5, closing.
connection_closing: readying conn=5 sd=11 for close
connection_close: deferring conn=5 sd=11
do_unbind
connection_resched: attempting closing conn=5 sd=11
connection_close: conn=5 sd=11
TLS trace: SSL3 alert write:warning:close notify

I searched Google for days, tried everything I could find, read 'LDAP System Administration' from O'Reilly, but I can't get it to work. Any help / suggestion is welcome!
-- [EMAIL PROTECTED] mailing list
