On Thu, 7 Jul 2005, Brian Candler wrote:

> On Wed, Jul 06, 2005 at 03:59:35PM -0400, James Craig wrote:
> > TLS trace: SSL_accept:before/accept initialization
> > TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
> > TLS: can't accept.
> > TLS: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> > s23_srvr.c:594
> > connection_read(12): TLS accept error error=-1 id=46, closing
>
> This sort of error is typically logged when a client tries to talk non-TLS
> LDAP to a server which is expecting a TLS negotiation immediately on
> connect.
>
> > My ldap_client_file looks like this:
> >
> > NS_LDAP_FILE_VERSION= 2.0
> > NS_LDAP_SERVERS= 129.21.36.128:636
>
> I don't know this particular file format, but there I can see that you have
> told it to connect to an LDAP server on port 636, but I can't see anywhere
> that you say it should use TLS for the connection. Have a look in the
> documentation and see if you can find a way to do that.

Well, I have done some more digging this morning. If I set up the LDAP server to also listen on port 383, and change the line to

NS_LDAP_SERVERS= 129.21.36.128

it works. From what I am getting from this, the Solaris LDAP client wants to communicate on an unencrypted channel and establish encryption from that. What I think I need to figure out (and help is always appreciated) is how to get the Solaris LDAP client to communicate with the OpenLDAP server on port 636 without having to go through TLS negotiation.

jim craig
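
Added example, not part of the original thread: a Python sketch that classifies the first bytes a client sends, to show why a listener expecting TLS immediately on connect reports `unknown protocol` when it receives a plaintext LDAP request instead of a TLS hello. The function names are hypothetical and the sample byte strings are constructed, not captured traffic.

```python
# Added example: identify what a client sent first on an LDAP listener.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation OID

def _ber_len(buf, i):
    """Decode the BER length at buf[i]; return (length, index of next byte)."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    if n == 0 or i + 1 + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def classify_first_bytes(buf):
    """Name the protocol of a client's first bytes (hypothetical helper)."""
    if len(buf) >= 3 and buf[0] == 0x16 and buf[1] == 0x03:
        return "tls-handshake"            # TLS record, content type 22
    if len(buf) >= 3 and buf[0] & 0x80 and buf[2] == 0x01:
        return "sslv2-client-hello"       # SSLv2-compatible hello
    if buf[:1] != b"\x30":                # LDAPMessage is a BER SEQUENCE
        return "unknown"
    try:
        _, i = _ber_len(buf, 1)
        if buf[i] != 0x02:                # messageID must be an INTEGER
            return "unknown"
        id_len, i = _ber_len(buf, i + 1)
        op = buf[i + id_len]              # protocolOp tag
    except (IndexError, ValueError):
        return "unknown"
    if op == 0x60:
        return "plaintext-ldap-bind"
    if op == 0x77 and STARTTLS_OID in buf:
        return "ldap-starttls-request"
    return "plaintext-ldap-other"

def tls_on_connect_listener_accepts(buf):
    """A listener expecting TLS on connect can only parse a TLS/SSL hello."""
    return classify_first_bytes(buf) in ("tls-handshake", "sslv2-client-hello")

# Constructed sample inputs (not captured traffic).
TLS_HELLO = bytes.fromhex("160301002f0100002b0303")
ANON_BIND = bytes.fromhex("300c020101600702010304008000")
STARTTLS = bytes.fromhex("301d02010177188016") + STARTTLS_OID

if __name__ == "__main__":
    for name, data in (("TLS", TLS_HELLO), ("bind", ANON_BIND), ("StartTLS", STARTTLS)):
        print(name, classify_first_bytes(data), tls_on_connect_listener_accepts(data))
```

Running the same classifier over the first payload of a packet capture taken on the server tells you whether the client opened with TLS, with a StartTLS request, or with an unprotected bind.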