Hi Anil,

please try to symlink /etc/ldap.conf to /etc/ldap/ldap.conf. Sometimes the LDAP commandline tools use a different location than the web server. The file must include something like this:

TLS_CACERT /etc/ldap/ca/myCA/cacert.pem

Best regards

Roland

On 12.10.2012 12:07, Anil Kumar 10 wrote:
> Hi
>
> We have installed openldap 2.4.2 with self-signed certificate and LAM 3.9 on same server with apache2.2.15.
>
> If we do ldapsearch -ZZ or ldapsearch -H ldaps://hostname it works fine
>
> CN in certificate is same as the hostname.
>
> We are able to connect on 389 from LAM.
>
> But it's not working when we use either tls or ldaps.
>
> Logs from LAM
>
> 2012-10-12 05:51:18: LDAP Account Manager (bcnt18dq2stm7ceakpfnptkc70 - 172.25.18.67) - DEBUG: Display login page
> 2012-10-12 05:51:18: LDAP Account Manager (bcnt18dq2stm7ceakpfnptkc70 - 172.25.18.67) - DEBUG: LAM 3.9
> 2012-10-12 05:51:23: LDAP Account Manager (dim73luup4blkp10u3mbi795v1 - 172.25.18.67) - ERROR: User cn=Manager,dc=idm,dc=com (172.25.18.67) failed to log in (LDAP error: Can't contact LDAP server).
> 2012-10-12 05:51:23: LDAP Account Manager (dim73luup4blkp10u3mbi795v1 - 172.25.18.67) - DEBUG: Display login page
> 2012-10-12 05:51:23: LDAP Account Manager (dim73luup4blkp10u3mbi795v1 - 172.25.18.67) - DEBUG: LAM 3.9
> 2012-10-12 05:53:41: LDAP Account Manager (hhighd48ms1fggv518msemp1h6 - 172.25.18.67) - DEBUG: Display login page
> 2012-10-12 05:53:41: LDAP Account Manager (hhighd48ms1fggv518msemp1h6 - 172.25.18.67) - DEBUG: LAM 3.9
> 2012-10-12 05:53:45: LDAP Account Manager (eo7imttp8g193vo9k6bsqhffu1 - 172.25.18.67) - NOTICE: User cn=Manager,dc=idm,dc=com (172.25.18.67) successfully logged in.
> 2012-10-12 05:54:06: LDAP Account Manager (eo7imttp8g193vo9k6bsqhffu1 - 172.25.18.67) - NOTICE: User cn=Manager,dc=idm,dc=com logged off.
> 2012-10-12 05:54:06: LDAP Account Manager (oungeu5vkcuvb0hfs33q9v9li0 - 172.25.18.67) - DEBUG: Display login page
> 2012-10-12 05:54:06: LDAP Account Manager (oungeu5vkcuvb0hfs33q9v9li0 - 172.25.18.67) - DEBUG: LAM 3.9
> 2012-10-12 05:54:55: LDAP Account Manager (r8eqv0kvr7mqncn8523u4q57u4 - 172.25.18.67) - DEBUG: Display login page
> 2012-10-12 05:54:55: LDAP Account Manager (r8eqv0kvr7mqncn8523u4q57u4 - 172.25.18.67) - DEBUG: LAM 3.9
> 2012-10-12 05:55:02: LDAP Account Manager (n858ttle2iiov00lhvnqfa1c40 - 172.25.18.67) - NOTICE: User cn=Manager,dc=idm,dc=com (172.25.18.67) successfully logged in.
> 2012-10-12 05:55:07: LDAP Account Manager (n858ttle2iiov00lhvnqfa1c40 - 172.25.18.67) - NOTICE: User cn=Manager,dc=idm,dc=com logged off.
> 2012-10-12 05:55:08: LDAP Account Manager (qs9o5ka8602i7mjkdarhp8k0b0 - 172.25.18.67) - DEBUG: Display login page
> 2012-10-12 05:55:08: LDAP Account Manager (qs9o5ka8602i7mjkdarhp8k0b0 - 172.25.18.67) - DEBUG: LAM 3.9
> 2012-10-12 05:55:54: LDAP Account Manager (q6cnro2po2h34jadk3t2g48l47 - 172.25.18.67) - DEBUG: Display login page
> 2012-10-12 05:55:54: LDAP Account Manager (q6cnro2po2h34jadk3t2g48l47 - 172.25.18.67) - DEBUG: LAM 3.9
> 2012-10-12 05:55:58: LDAP Account Manager (6u3f8g6msnpmovq7jnt27i9r82 - 172.25.18.67) - ERROR: User cn=Manager,dc=idm,dc=com (172.25.18.67) failed to log in (LDAP error: Can't contact LDAP server).
> 2012-10-12 05:55:58: LDAP Account Manager (6u3f8g6msnpmovq7jnt27i9r82 - 172.25.18.67) - DEBUG: Display login page
> 2012-10-12 05:55:58: LDAP Account Manager (6u3f8g6msnpmovq7jnt27i9r82 - 172.25.18.67) - DEBUG: LAM 3.9
>
> Debug logs from ldap
>
> slap_listener_activate(10):
> daemon: epoll: listen=7 active_threads=0 tvp=zero
> daemon: epoll: listen=8 active_threads=0 tvp=zero
> daemon: epoll: listen=9 active_threads=0 tvp=zero
> daemon: epoll: listen=10 busy
> >>> slap_listener(ldaps:///)
> daemon: listen=10, new connection on 17
> daemon: added 17r (active) listener=(nil)
> daemon: activity on 1 descriptor
> daemon: activity on:
> daemon: epoll: listen=7 active_threads=0 tvp=zero
> daemon: epoll: listen=8 active_threads=0 tvp=zero
> daemon: epoll: listen=9 active_threads=0 tvp=zero
> daemon: epoll: listen=10 active_threads=0 tvp=zero
> daemon: activity on 1 descriptor
> daemon: activity on: 17r
> daemon: read active on 17
> daemon: epoll: listen=7 active_threads=0 tvp=zero
> daemon: epoll: listen=8 active_threads=0 tvp=zero
> daemon: epoll: listen=9 active_threads=0 tvp=zero
> daemon: epoll: listen=10 active_threads=0 tvp=zero
> connection_get(17)
> connection_get(17): got connid=1027
> connection_read(17): checking for input on id=1027
> TLS trace: SSL_accept:before/accept initialization
> tls_read: want=11, got=0
>
> TLS: can't accept: (unknown).
> connection_read(17): TLS accept failure error=-1 id=1027, closing
> connection_closing: readying conn=1027 sd=17 for close
> connection_close: conn=1027 sd=17
> daemon: removing 17
> daemon: activity on 1 descriptor
> daemon: activity on:
> daemon: epoll: listen=7 active_threads=0 tvp=zero
> daemon: epoll: listen=8 active_threads=0 tvp=zero
> daemon: epoll: listen=9 active_threads=0 tvp=zero
> daemon: epoll: listen=10 active_threads=0 tvp=zero
> daemon: activity on 1 descriptor
> daemon: activity on:
> slap_listener_activate(10):
> daemon: epoll: listen=7 active_threads=0 tvp=zero
> daemon: epoll: listen=8 active_threads=0 tvp=zero
> daemon: epoll: listen=9 active_threads=0 tvp=zero
> daemon: epoll: listen=10 busy
> >>> slap_listener(ldaps:///)
> daemon: listen=10, new connection on 17
> daemon: added 17r (active) listener=(nil)
> daemon: activity on 1 descriptor
> daemon: activity on:
> daemon: epoll: listen=7 active_threads=0 tvp=zero
> daemon: epoll: listen=8 active_threads=0 tvp=zero
> daemon: epoll: listen=9 active_threads=0 tvp=zero
> daemon: epoll: listen=10 active_threads=0 tvp=zero
> daemon: activity on 1 descriptor
> daemon: activity on: 17r
> daemon: read active on 17
> daemon: epoll: listen=7 active_threads=0 tvp=zero
> daemon: epoll: listen=8 active_threads=0 tvp=zero
> daemon: epoll: listen=9 active_threads=0 tvp=zero
> daemon: epoll: listen=10 active_threads=0 tvp=zero
> connection_get(17)
> connection_get(17): got connid=1028
> connection_read(17): checking for input on id=1028
> TLS trace: SSL_accept:before/accept initialization
> tls_read: want=11, got=0
>
> TLS: can't accept: (unknown).
> connection_read(17): TLS accept failure error=-1 id=1028, closing
> connection_closing: readying conn=1028 sd=17 for close
> connection_close: conn=1028 sd=17
> daemon: removing 17
> daemon: activity on 1 descriptor
> daemon: activity on:
>
> Regards
> Anil
>
> _______________________________________________
> Lam-public mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/lam-public

--
Kind regards

Roland Gruber
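
The check suggested in the reply above, as an added example that is not part of the original thread: a script that reports whether each ldap.conf location carries a usable TLS_CACERT. The function names are hypothetical, and the TLS_REQCERT test goes beyond what the reply mentions; it flags configurations that make TLS connect by switching certificate verification off.

```shell
#!/bin/sh
# Added example: audit ldap.conf files for the CA setting named in the reply.
# Function names are hypothetical; run it as the account the web server uses,
# because readability of the CA file depends on who is asking.

# Print the value of a directive in an ldap.conf file (keyword is
# case-insensitive; assumption: the last occurrence in the file wins).
ldapconf_get() {  # $1 = file, $2 = directive
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == toupper(key) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { if (val != "") print val }
    ' "$1"
}

# Classify one config file with a single status word:
#   missing        the file does not exist
#   noverify       TLS_REQCERT is never/allow, so the server cert is not enforced
#   no-cacert      no TLS_CACERT directive
#   ca-unreadable  TLS_CACERT names a file this user cannot read
#   ok             TLS_CACERT is set and readable
check_ldapconf() {
    conf=$1
    [ -f "$conf" ] || { echo missing; return 0; }
    reqcert=$(ldapconf_get "$conf" TLS_REQCERT | tr 'A-Z' 'a-z')
    case $reqcert in
        never|allow) echo noverify; return 0 ;;
    esac
    ca=$(ldapconf_get "$conf" TLS_CACERT)
    [ -n "$ca" ] || { echo no-cacert; return 0; }
    [ -r "$ca" ] || { echo ca-unreadable; return 0; }
    echo ok
}

# Report on every file given, defaulting to the two paths from the reply.
audit_ldapconf() {
    [ $# -gt 0 ] || set -- /etc/ldap.conf /etc/ldap/ldap.conf
    for f in "$@"; do
        printf '%-24s %s\n' "$f" "$(check_ldapconf "$f")"
    done
}

audit_ldapconf "$@"
```

A `missing` or `no-cacert` result for one path alongside `ok` for the other matches the situation the reply describes, where the command-line tools and the web server read different files.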
