Greetings!
I have been working on getting my Solaris machines moved over to LDAP, and in the test environment I have started a test system. Ideally I intend to use an OpenLDAP server, but if I understand things correctly, I need to use the Sun-provided stuff for the client. This is where I have been having some trouble. I currently have ldap only listening on ldaps:/// and I am able to manually list things with

ldapsearch -x -LLL

as well as

/usr/iplanet/ds5/shared/bin/ldapsearch -h manetheren.cs.rit.edu \
    -p 636 -b "" -s base -v -P /var/ldap/cert7.db "(objectclass=*)"

This works from the LDAP server and from a machine I am trying to set up as a client. With the server in debug mode I get this:

daemon: activity on 1 descriptors
daemon: new connection on 12
daemon: added 12r
daemon: activity on:
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 12r
daemon: read activity on 12
connection_get(12): got connid=46
connection_read(12): checking for input on id=46
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:594
connection_read(12): TLS accept error error=-1 id=46, closing
connection_closing: readying conn=46 sd=12 for close
connection_close: conn=46 sd=12
daemon: removing 12
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: select: listen=8 active_threads=0 tvp=NULL

Since the server is only listening on 636 I think the problem involves TLS, but I cannot for the life of me figure out where it is setting that.
My ldap_client_file looks like this:

NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= 129.21.36.128:636
NS_LDAP_SEARCH_BASEDN= dc=cs,dc=rit,dc=edu
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_CACHETTL= 3600
NS_LDAP_PROFILE= tear_test
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=group,dc=cs,dc=rit,dc=edu?one
NS_LDAP_SERVICE_SEARCH_DESC= netgroup:ou=netgroup,dc=cs,dc=rit,dc=edu?sub
NS_LDAP_SERVICE_SEARCH_DESC= profile:ou=profiles,dc=cs,dc=rit,dc=edu
NS_LDAP_SERVICE_SEARCH_DESC= password:ou=People,dc=cs,dc=rit,dc=edu?one
NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=cs,dc=rit,dc=edu?one
NS_LDAP_SERVICE_SEARCH_DESC= gid:ou=Group,dc=cs,dc=rit,dc=edu?one
NS_LDAP_BIND_TIME= 10

ldap_client_cred looks like this:

NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=cs,dc=rit,dc=edu
NS_LDAP_BINDPASSWD= {MD5}somepasswordcharacters

What I believe is relevant info from the ldapsearch:

dn: cn=tear_test,ou=profile,dc=cs,dc=rit,dc=edu
objectClass: top
objectClass: DUAConfigProfile
defaultSearchBase: dc=cs,dc=rit,dc=edu
cn: tear_test
serviceSearchDescriptor: passwd: ou=People,dc=cs,dc=rit,dc=edu
serviceSearchDescriptor: group: ou=Group,dc=cs,dc=rit,dc=edu
serviceSearchDescriptor: shadow: ou=People,dc=cs,dc=rit,dc=edu
serviceSearchDescriptor: netgroup: ou=Netgroup,dc=cs,dc=rit,dc=edu
followReferrals:: VFJVRSA=
defaultSearchScope: one
searchTimeLimit: 30
profileTTL: 43200
bindTimeLimit: 2
defaultServerList: 129.21.36.128:636
authenticationMethod: simple
credentialLevel: proxy

dn: cn=proxyagent,ou=profile,dc=cs,dc=rit,dc=edu
cn: proxyagent
sn: proxyagent
objectClass: top
objectClass: person

This is something I was working on a year ago but had to drop as the school year progressed. Today I am a bit further than before, but I still seem to be missing something critical.
Any help would be appreciated.

Jim Craig
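
Added example, not part of the original post: a small triage script that walks a slapd debug trace like the one above and ties each "TLS accept error" to its connection and to the OpenSSL error reported just before it. The function name, the regular expressions and the hint text are assumptions made for this example; the sample trace is constructed from the lines quoted in the post.

```python
import re

# Constructed sample: the connection-12 lines of the slapd debug trace quoted in the post.
SAMPLE_TRACE = """\
daemon: new connection on 12
daemon: read activity on 12
connection_get(12): got connid=46
connection_read(12): checking for input on id=46
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept.
TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol s23_srvr.c:594
connection_read(12): TLS accept error error=-1 id=46, closing
connection_close: conn=46 sd=12
"""

CONN_RE = re.compile(r"connection_get\((\d+)\): got connid=(\d+)")
ERR_RE = re.compile(r"TLS: error:([0-9A-Fa-f]+):[^:]*:([^:]*):(.+?)(?:\s+\S+\.c:\d+)?$")
FAIL_RE = re.compile(r"connection_read\((\d+)\): TLS accept error error=-?\d+ id=(\d+)")

# Assumption: interpretation of the OpenSSL reason string, added here; not slapd output.
HINTS = {
    "unknown protocol": "client's first bytes were not an SSL/TLS ClientHello",
}

def tls_accept_failures(trace):
    """Return one record per connection whose TLS handshake slapd rejected."""
    failures, last_err = [], None
    for line in trace.splitlines():
        line = line.strip()
        if CONN_RE.search(line):
            last_err = None  # new read cycle: forget errors from earlier connections
        elif m := ERR_RE.search(line):
            last_err = {"code": m.group(1), "function": m.group(2), "reason": m.group(3)}
        elif m := FAIL_RE.search(line):
            err = last_err or {"code": None, "function": None, "reason": "unreported"}
            failures.append({"sd": int(m.group(1)), "connid": int(m.group(2)), **err,
                             "hint": HINTS.get(err["reason"], "see OpenSSL error code")})
            last_err = None
    return failures

if __name__ == "__main__":
    for f in tls_accept_failures(SAMPLE_TRACE):
        print("conn={connid} sd={sd} {function}: {reason} -> {hint}".format(**f))
```

Run against a full debug log, this separates clients that never started a TLS handshake on the ldaps:// listener from clients that started one and failed later, for example on certificate checks.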