Hi,
We have installed OpenLDAP 2.4.2 with a self-signed certificate and LAM 3.9 on
the same server with Apache 2.2.15.
If we do ldapsearch -ZZ or ldapsearch -H ldaps://hostname, it works fine.
The CN in the certificate is the same as the hostname.
We are able to connect on 389 from LAM.
But it's not working when we use either TLS or LDAPS.
Logs from LAM:
2012-10-12 05:51:18: LDAP Account Manager (bcnt18dq2stm7ceakpfnptkc70 -
172.25.18.67) - DEBUG: Display login page
2012-10-12 05:51:18: LDAP Account Manager (bcnt18dq2stm7ceakpfnptkc70 -
172.25.18.67) - DEBUG: LAM 3.9
2012-10-12 05:51:23: LDAP Account Manager (dim73luup4blkp10u3mbi795v1 -
172.25.18.67) - ERROR: User cn=Manager,dc=idm,dc=com (172.25.18.67) failed to
log in (LDAP error: Can't contact LDAP server).
2012-10-12 05:51:23: LDAP Account Manager (dim73luup4blkp10u3mbi795v1 -
172.25.18.67) - DEBUG: Display login page
2012-10-12 05:51:23: LDAP Account Manager (dim73luup4blkp10u3mbi795v1 -
172.25.18.67) - DEBUG: LAM 3.9
2012-10-12 05:53:41: LDAP Account Manager (hhighd48ms1fggv518msemp1h6 -
172.25.18.67) - DEBUG: Display login page
2012-10-12 05:53:41: LDAP Account Manager (hhighd48ms1fggv518msemp1h6 -
172.25.18.67) - DEBUG: LAM 3.9
2012-10-12 05:53:45: LDAP Account Manager (eo7imttp8g193vo9k6bsqhffu1 -
172.25.18.67) - NOTICE: User cn=Manager,dc=idm,dc=com (172.25.18.67)
successfully logged in.
2012-10-12 05:54:06: LDAP Account Manager (eo7imttp8g193vo9k6bsqhffu1 -
172.25.18.67) - NOTICE: User cn=Manager,dc=idm,dc=com logged off.
2012-10-12 05:54:06: LDAP Account Manager (oungeu5vkcuvb0hfs33q9v9li0 -
172.25.18.67) - DEBUG: Display login page
2012-10-12 05:54:06: LDAP Account Manager (oungeu5vkcuvb0hfs33q9v9li0 -
172.25.18.67) - DEBUG: LAM 3.9
2012-10-12 05:54:55: LDAP Account Manager (r8eqv0kvr7mqncn8523u4q57u4 -
172.25.18.67) - DEBUG: Display login page
2012-10-12 05:54:55: LDAP Account Manager (r8eqv0kvr7mqncn8523u4q57u4 -
172.25.18.67) - DEBUG: LAM 3.9
2012-10-12 05:55:02: LDAP Account Manager (n858ttle2iiov00lhvnqfa1c40 -
172.25.18.67) - NOTICE: User cn=Manager,dc=idm,dc=com (172.25.18.67)
successfully logged in.
2012-10-12 05:55:07: LDAP Account Manager (n858ttle2iiov00lhvnqfa1c40 -
172.25.18.67) - NOTICE: User cn=Manager,dc=idm,dc=com logged off.
2012-10-12 05:55:08: LDAP Account Manager (qs9o5ka8602i7mjkdarhp8k0b0 -
172.25.18.67) - DEBUG: Display login page
2012-10-12 05:55:08: LDAP Account Manager (qs9o5ka8602i7mjkdarhp8k0b0 -
172.25.18.67) - DEBUG: LAM 3.9
2012-10-12 05:55:54: LDAP Account Manager (q6cnro2po2h34jadk3t2g48l47 -
172.25.18.67) - DEBUG: Display login page
2012-10-12 05:55:54: LDAP Account Manager (q6cnro2po2h34jadk3t2g48l47 -
172.25.18.67) - DEBUG: LAM 3.9
2012-10-12 05:55:58: LDAP Account Manager (6u3f8g6msnpmovq7jnt27i9r82 -
172.25.18.67) - ERROR: User cn=Manager,dc=idm,dc=com (172.25.18.67) failed to
log in (LDAP error: Can't contact LDAP server).
2012-10-12 05:55:58: LDAP Account Manager (6u3f8g6msnpmovq7jnt27i9r82 -
172.25.18.67) - DEBUG: Display login page
2012-10-12 05:55:58: LDAP Account Manager (6u3f8g6msnpmovq7jnt27i9r82 -
172.25.18.67) - DEBUG: LAM 3.9
Debug logs from LDAP:
slap_listener_activate(10):
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: epoll: listen=9 active_threads=0 tvp=zero
daemon: epoll: listen=10 busy
>>> slap_listener(ldaps:///)
daemon: listen=10, new connection on 17
daemon: added 17r (active) listener=(nil)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: epoll: listen=9 active_threads=0 tvp=zero
daemon: epoll: listen=10 active_threads=0 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on: 17r
daemon: read active on 17
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: epoll: listen=9 active_threads=0 tvp=zero
daemon: epoll: listen=10 active_threads=0 tvp=zero
connection_get(17)
connection_get(17): got connid=1027
connection_read(17): checking for input on id=1027
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=0
TLS: can't accept: (unknown).
connection_read(17): TLS accept failure error=-1 id=1027, closing
connection_closing: readying conn=1027 sd=17 for close
connection_close: conn=1027 sd=17
daemon: removing 17
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: epoll: listen=9 active_threads=0 tvp=zero
daemon: epoll: listen=10 active_threads=0 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on:
slap_listener_activate(10):
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: epoll: listen=9 active_threads=0 tvp=zero
daemon: epoll: listen=10 busy
>>> slap_listener(ldaps:///)
daemon: listen=10, new connection on 17
daemon: added 17r (active) listener=(nil)
daemon: activity on 1 descriptor
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: epoll: listen=9 active_threads=0 tvp=zero
daemon: epoll: listen=10 active_threads=0 tvp=zero
daemon: activity on 1 descriptor
daemon: activity on: 17r
daemon: read active on 17
daemon: epoll: listen=7 active_threads=0 tvp=zero
daemon: epoll: listen=8 active_threads=0 tvp=zero
daemon: epoll: listen=9 active_threads=0 tvp=zero
daemon: epoll: listen=10 active_threads=0 tvp=zero
connection_get(17)
connection_get(17): got connid=1028
connection_read(17): checking for input on id=1028
TLS trace: SSL_accept:before/accept initialization
tls_read: want=11, got=0
TLS: can't accept: (unknown).
connection_read(17): TLS accept failure error=-1 id=1028, closing
connection_closing: readying conn=1028 sd=17 for close
connection_close: conn=1028 sd=17
daemon: removing 17
daemon: activity on 1 descriptor
daemon: activity on:
Regards
Anil
_______________________________________________
Lam-public mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lam-public