Dieter Kluenter schrieb:
> Hi,
> 
> Karsten Römke <[EMAIL PROTECTED]> writes:
> 
>> Dieter Kluenter schrieb:
>>> Hi,
> 
>> Hi,
>> I have done:
>> oracle:/etc/openldap # openssl x509 -in  servercrt.pem -text > servercrt.txt
>> oracle:/etc/openldap # openssl x509 -in  cacert.pem -text > cacert.txt
>> and here are parts of these files:
>> oracle:/etc/openldap # grep -i keyid servercrt.txt
>>                 
>> keyid:90:4F:E9:05:AA:38:FC:D9:21:45:B0:BD:A5:2E:B3:5B:E9:59:38:AF
>> oracle:/etc/openldap # grep -i keyid cacert.txt
>>                 
>> keyid:90:4F:E9:05:AA:38:FC:D9:21:45:B0:BD:A5:2E:B3:5B:E9:59:38:AF
>> I assume that these keyids must be the same?
> 
> Yes.
> 
> [...]
>> Sorry, I don't understand that. Now I tried only from
>> the server oracle.hhb.bonn.de with the command
>> ldapsearch -h oracle.hhb.bonn.de -b "dc=hhb,dc=bonn,dc=de" -D 
>> "cn=manager,dc=hhb,dc=bonn,dc=de" -x  -W -ZZ -d1
>> and the following entries in /etc/openldap/ldap.conf
>> ------------#
>> # LDAP Defaults
>> #
>>
>> # See ldap.conf(5) for details
>> # This file should be world readable but not world writable.
>>
>> #BASE   dc=example, dc=com
>> #URI    ldap://ldap.example.com ldap://ldap-master.example.com:666
>>
>> #SIZELIMIT      12
>> #TIMELIMIT      15
>> #DEREF          never
>> TLS_REQCERT     allow
>> ssl     start_tls
>> host    oracle.hhb.bonn.de
>> base    dc=hhb,dc=bonn,dc=de
>> TLS_CACERT /etc/openldap/cacert.pem
>> ----------------------
> 
> Is your cacert.pem world readable?
yes
> 
>> again: no success with tls:
> [...]
> 
> Do a strace, that is
> 
> strace -o /tmp/ldap-strace-log ldapsearch  -H
> ldap://oracle.hhb.bonn.de -b "your.base" -x -D -ZZ
I have done:
strace -o /tmp/ldap-strace-log ldapsearch -H ldap://oracle.hhb.bonn.de -b 
"dc=hhb,dc=bonn,dc=de" -x -ZZ
- i.e. without the -D parameter

I have appended the output below (starting at /etc/openldap/ldap.conf).
It looks normal to me. Could the line
open("/etc/ssl/cert.pem", O_RDONLY)     = -1 ENOENT (No such file or directory)
be a problem?

Karsten



open("/etc/openldap/ldap.conf", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=385, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x2aaaaaaf7000
read(3, "#\n# LDAP Defaults\n#\n\n# See ldap."..., 4096) = 385
read(3, "", 4096)                       = 0
read(3, "", 4096)                       = 0
close(3)                                = 0
munmap(0x2aaaaaaf7000, 4096)            = 0
getuid()                                = 0
geteuid()                               = 0
open("/root/ldaprc", O_RDONLY)          = -1 ENOENT (No such file or directory)
open("/root/.ldaprc", O_RDONLY)         = -1 ENOENT (No such file or directory)
open("ldaprc", O_RDONLY)                = -1 ENOENT (No such file or directory)
rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0
socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
setsockopt(3, SOL_TCP, TCP_NODELAY, [22758447585951745], 4) = 0
fcntl(3, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK)    = 0
connect(3, {sa_family=AF_INET, sin_port=htons(389), 
sin_addr=inet_addr("10.100.0.202")}, 16) = -1 EINPROGRESS (Operation now in 
progress)
select(1024, NULL, [3], NULL, NULL)     = 1 (out [3])
getpeername(3, {sa_family=AF_INET, sin_port=htons(389), 
sin_addr=inet_addr("10.100.0.202")}, [4294967312]) = 0
fcntl(3, F_GETFL)                       = 0x802 (flags O_RDWR|O_NONBLOCK)
fcntl(3, F_SETFL, O_RDWR)               = 0
write(3, "0\35\2\1\1w\30\200\0261.3.6.1.4.1.1466.20037", 31) = 31
select(1024, [3], [], NULL, NULL)       = 1 (in [3])
read(3, "0\f\2\1\1x\7\n", 8)            = 8
read(3, "\1\0\4\0\4\0", 6)              = 6
open("/etc/openldap/cacert.pem", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=1265, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x2aaaaaaf7000
read(4, "-----BEGIN CERTIFICATE-----\nMIID"..., 4096) = 1265
read(4, "", 4096)                       = 0
close(4)                                = 0
munmap(0x2aaaaaaf7000, 4096)            = 0
open("/etc/ssl/cert.pem", O_RDONLY)     = -1 ENOENT (No such file or directory)
open("/etc/openldap/cacert.pem", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0644, st_size=1265, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x2aaaaaaf7000
read(4, "-----BEGIN CERTIFICATE-----\nMIID"..., 4096) = 1265
read(4, "", 4096)                       = 0
close(4)                                = 0
munmap(0x2aaaaaaf7000, 4096)            = 0
brk(0x551000)                           = 0x551000
open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = 4
select(5, [4], NULL, NULL, {0, 10000})  = 1 (in [4], left {0, 10000})
read(4, "\24\351\214V4\203\271\245\206q\246\2752\370\342\311\326"..., 32) = 32
close(4)                                = 0
getuid()                                = 0
write(3, "\200\214\1\3\1\0c\0\0\0 \0\0009\0\0008\0\0005\0\0\26\0"..., 142) = 142
read(3, "\25\3\1\0\2\2(", 7)            = 7
brk(0x543000)                           = 0x543000
write(2, "ldap_start_tls: Connect error (-"..., 36) = 36
write(2, "\tadditional info: error:14077410"..., 99) = 99
exit_group(1)


---
You are currently subscribed to [email protected] as: [EMAIL PROTECTED]
To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the 
SUBJECT of the message.
