I'm trying to configure TLS to verify the server cert. It's failing
with this:
]# ldapsearch -Z -h throne.cis.uab.edu -x
ldap_start_tls: Connect error (91)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ldap_bind: Can't contact LDAP server (81)
additional info: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[EMAIL PROTECTED] openldap]#
The slapd.conf looks like this:
TLSCipherSuite HIGH:MEDIUM:TLSv1:+SSLv2
TLSCACertificateFile /var/lib/ldap/cacert.pem
TLSCertificateFile /var/lib/ldap/servercrt.pem
TLSCertificateKeyFile /var/lib/ldap/serverkey.pem
TLSVerifyClient never
The cacert.pem on the LDAP server looks like this:
# openssl x509 -in /var/lib/ldap/cacert.pem -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
bb:a4:d8:3d:df:04:83:41
Signature Algorithm: md5WithRSAEncryption
Issuer: CN=UAB CIS Certificate Authority, ST=Alabama,
C=US/[EMAIL PROTECTED], O=UAB CIS Certificate Authority
Validity
Not Before: Mar 13 17:49:53 2006 GMT
Not After : Mar 12 17:49:53 2011 GMT
Subject: CN=UAB CIS Certificate Authority, ST=Alabama,
C=US/[EMAIL PROTECTED], O=UAB CIS Certificate Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:a3:83:b5:b0:a8:8b:4a:14:c7:17:71:74:4a:e1:
da:1f:bd:d8:5d:a5:d9:30:ce:34:f4:76:78:92:89:
ea:40:2c:e5:b0:f5:fb:aa:a0:78:47:51:81:b3:b6:
a1:20:a5:49:64:d7:ac:31:aa:6e:3b:8d:57:c0:94:
f4:ee:ef:47:c8:0e:3d:59:5b:28:bc:4d:60:2d:af:
1a:f8:ab:c4:d0:76:ab:36:1e:97:ec:23:db:4c:56:
9f:51:c6:77:46:9b:ac:ab:21:83:17:97:31:b7:e0:
b5:0c:a0:3f:f1:14:94:51:cd:50:c2:80:5f:48:74:
47:72:68:f0:0b:2f:1c:0d:7b:50:73:27:3b:71:80:
ba:85:02:3e:02:c2:f3:fe:dd:7e:af:16:8e:f0:68:
24:c7:6f:16:5f:a7:fc:9f:77:12:12:e9:5e:5c:1c:
90:cb:60:5c:73:6d:c0:48:94:05:cd:01:d3:74:32:
d6:e5:15:5f:e9:ac:2e:56:a5:63:9c:fb:0a:e1:1d:
d5:9c:0b:9e:fa:da:99:48:ac:87:73:d4:4d:ec:3b:
df:b0:82:02:50:7b:9f:05:97:b9:96:87:38:d2:49:
54:66:c3:1c:21:67:60:50:7f:3f:6a:c8:8e:18:62:
d9:e6:21:aa:fe:ef:e8:da:9b:ec:ab:b9:39:ae:1f:
39:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
16:98:bc:a3:b6:77:76:22:43:47:93:7c:3e:fa:b8:f5:97:89:
d3:8a:59:9a:1f:bf:dc:6c:5b:9d:53:77:b4:5a:e7:e0:4d:f8:
5d:7f:37:dd:6e:3d:1a:ca:38:f9:e0:c2:dd:37:91:76:08:f3:
b9:9b:47:67:cb:ca:42:9f:d4:e0:e6:ab:57:0c:1f:23:5f:ab:
80:02:92:29:29:d7:39:47:f2:59:ac:ca:77:d8:38:8f:24:61:
40:ba:fb:b7:0f:c3:47:98:1c:33:57:ab:b7:0a:7f:46:df:89:
1e:9e:cc:90:49:a2:cb:bc:5e:8b:9d:29:04:6c:85:8b:62:83:
3a:44:a5:18:02:71:04:96:9a:8a:d0:47:7f:41:bc:1a:e2:bc:
7f:9d:f3:3f:e5:ff:84:11:6e:7f:6d:56:40:c9:ec:35:0c:c4:
1b:6a:29:df:d9:97:70:50:60:86:46:5a:11:45:ef:5f:84:62:
36:fd:26:b3:ef:20:22:26:92:a0:72:22:62:24:b3:c0:42:d5:
09:15:29:38:2e:19:97:5a:08:7e:7b:1e:3b:92:4e:23:91:b5:
c4:85:70:73:ad:2a:07:c3:8e:7a:08:cc:db:37:2d:f3:34:61:
62:df:e3:e7:23:61:aa:4f:30:39:5e:f9:bf:f2:e4:8a:71:fd:
88:91:d6:cb
-----BEGIN CERTIFICATE-----
MIIDuTCCAqGgAwIBAgIJALuk2D3fBINBMA0GCSqGSIb3DQEBBAUAMIGSMSYwJAYD
VQQDEx1VQUIgQ0lTIENlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UECBMHQWxh
YmFtYTELMAkGA1UEBhMCVVMxITAfBgkqhkiG9w0BCQEWEnN5c2FkbUBjaXMudWFi
LmVkdTEmMCQGA1UEChMdVUFCIENJUyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcN
MDYwMzEzMTc0OTUzWhcNMTEwMzEyMTc0OTUzWjCBkjEmMCQGA1UEAxMdVUFCIENJ
UyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAgTB0FsYWJhbWExCzAJBgNV
BAYTAlVTMSEwHwYJKoZIhvcNAQkBFhJzeXNhZG1AY2lzLnVhYi5lZHUxJjAkBgNV
BAoTHVVBQiBDSVMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAo4O1sKiLShTHF3F0SuHaH73YXaXZMM409HZ4konq
QCzlsPX7qqB4R1GBs7ahIKVJZNesMapuO41XwJT07u9HyA49WVsovE1gLa8a+KvE
0HarNh6X7CPbTFafUcZ3RpusqyGDF5cxt+C1DKA/8RSUUc1QwoBfSHRHcmjwCy8c
DXtQcyc7cYC6hQI+AsLz/t1+rxaO8Ggkx28WX6f8n3cSEuleXByQy2Bcc23ASJQF
zQHTdDLW5RVf6awuVqVjnPsK4R3VnAue+tqZSKyHc9RN7DvfsIICUHufBZe5loc4
0klUZsMcIWdgUH8/asiOGGLZ5iGq/u/o2pvsq7k5rh85hwIDAQABoxAwDjAMBgNV
HRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4IBAQAWmLyjtnd2IkNHk3w++rj1l4nT
ilmaH7/cbFudU3e0WufgTfhdfzfdbj0ayjj54MLdN5F2CPO5m0dny8pCn9Tg5qtX
DB8jX6uAApIpKdc5R/JZrMp32DiPJGFAuvu3D8NHmBwzV6u3Cn9G34kensyQSaLL
vF6LnSkEbIWLYoM6RKUYAnEElpqK0Ed/Qbwa4rx/nfM/5f+EEW5/bVZAyew1DMQb
ainf2ZdwUGCGRloRRe9fhGI2/Saz7yAiJpKgciJiJLPAQtUJFSk4LhmXWgh+ex47
kk4jkbXEhXBzrSoHw456CMzbNy3zNGFi3+PnI2GqTzA5Xvm/8uSKcf2IkdbL
-----END CERTIFICATE-----
The servercrt.pem on the LDAP server looks like this:
# openssl x509 -in /var/lib/ldap/servercrt.pem -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5 (0x5)
Signature Algorithm: md5WithRSAEncryption
Issuer: CN=UAB CIS Certificate Authority, ST=Alabama,
C=US/[EMAIL PROTECTED], O=UAB CIS Certificate Authority
Validity
Not Before: Apr 14 00:05:31 2006 GMT
Not After : Apr 13 00:05:31 2011 GMT
Subject: CN=throne.cis.uab.edu, ST=Alabama,
C=US/[EMAIL PROTECTED], O=UAB, OU=CIS
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:ba:3f:bd:73:ef:59:8e:e5:d5:23:26:7f:3b:86:
40:87:78:b0:9e:64:a6:fc:dc:a9:67:04:ce:cd:c5:
55:6f:48:06:44:ab:74:b9:b5:87:4b:17:aa:7a:8c:
8a:d7:3c:13:ef:c6:2d:9b:01:63:bb:87:24:6f:61:
b7:ba:cd:0a:0d:bf:fa:76:83:c4:ba:4f:6f:c9:6e:
74:99:30:d6:a6:63:9f:cf:a3:8e:e4:ab:d4:35:3d:
0e:c2:1c:7c:07:7b:c0:32:b4:e6:5f:49:cc:68:bd:
ef:59:26:1f:9b:2f:9a:91:eb:50:ed:aa:f9:4e:e2:
df:0c:0d:f5:ec:28:08:4f:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:helpdesk.cis.uab.edu
X509v3 Basic Constraints:
CA:FALSE
Netscape Cert Type:
SSL Server
Signature Algorithm: md5WithRSAEncryption
61:b3:b1:ee:38:9f:b7:36:2d:74:51:51:69:09:af:02:33:3a:
c2:97:ce:19:1c:78:4b:89:8b:b9:20:f6:8e:aa:f2:9c:06:65:
de:6c:fc:ef:7a:79:8e:c9:4c:46:a0:ae:8e:40:65:db:79:6c:
b6:38:67:1b:8f:4b:e1:e3:c9:3a:f2:c5:94:b0:5e:ce:ab:08:
bf:23:3b:6c:4c:f7:f9:8f:e1:a3:ad:cc:e9:9f:5c:1d:1e:2e:
b6:3e:b0:64:ca:5d:1b:23:5e:17:4c:39:3e:c4:ab:03:0d:d3:
7c:14:9c:db:e3:04:cb:5f:b0:5b:d6:44:56:a8:8b:a6:9b:0c:
0f:0c:99:35:ec:db:fb:1f:79:b2:c0:ed:4b:46:44:42:fb:16:
70:7f:80:52:87:2c:55:94:4f:75:47:79:6c:ad:0b:52:26:a5:
32:01:a2:10:34:5a:bb:c4:54:0f:42:9b:5d:5c:d8:7b:97:05:
32:e7:17:5f:6e:5a:d0:e0:ba:0e:37:36:01:86:05:33:1e:16:
94:17:66:5c:f1:48:11:13:29:dd:9c:56:c6:21:e5:fd:62:80:
ce:16:e0:32:77:6b:b1:38:43:87:91:18:b7:3c:12:c5:0e:c0:
1e:fb:cb:fe:45:55:2a:40:cf:8c:5a:f4:ad:ec:aa:d9:7d:58:
bc:c5:b3:26
-----BEGIN CERTIFICATE-----
MIIDRjCCAi6gAwIBAgIBBTANBgkqhkiG9w0BAQQFADCBkjEmMCQGA1UEAxMdVUFC
IENJUyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAgTB0FsYWJhbWExCzAJ
BgNVBAYTAlVTMSEwHwYJKoZIhvcNAQkBFhJzeXNhZG1AY2lzLnVhYi5lZHUxJjAk
BgNVBAoTHVVBQiBDSVMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA2MDQxNDAw
MDUzMVoXDTExMDQxMzAwMDUzMVowezEbMBkGA1UEAxMSdGhyb25lLmNpcy51YWIu
ZWR1MRAwDgYDVQQIEwdBbGFiYW1hMQswCQYDVQQGEwJVUzEhMB8GCSqGSIb3DQEJ
ARYSc3lzYWRtQGNpcy51YWIuZWR1MQwwCgYDVQQKEwNVQUIxDDAKBgNVBAsTA0NJ
UzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuj+9c+9ZjuXVIyZ/O4ZAh3iw
nmSm/NypZwTOzcVVb0gGRKt0ubWHSxeqeoyK1zwT78YtmwFju4ckb2G3us0KDb/6
doPEuk9vyW50mTDWpmOfz6OO5KvUNT0Owhx8B3vAMrTmX0nMaL3vWSYfmy+aketQ
7ar5TuLfDA317CgIT+ECAwEAAaNBMD8wHwYDVR0RBBgwFoIUaGVscGRlc2suY2lz
LnVhYi5lZHUwCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcN
AQEEBQADggEBAGGzse44n7c2LXRRUWkJrwIzOsKXzhkceEuJi7kg9o6q8pwGZd5s
/O96eY7JTEagro5AZdt5bLY4ZxuPS+HjyTryxZSwXs6rCL8jO2xM9/mP4aOtzOmf
XB0eLrY+sGTKXRsjXhdMOT7EqwMN03wUnNvjBMtfsFvWRFaoi6abDA8MmTXs2/sf
ebLA7UtGREL7FnB/gFKHLFWUT3VHeWytC1ImpTIBohA0WrvEVA9Cm11c2HuXBTLn
F19uWtDgug43NgGGBTMeFpQXZlzxSBETKd2cVsYh5f1igM4W4DJ3a7E4Q4eRGLc8
EsUOwB77y/5FVSpAz4xa9K3sqtl9WLzFsyY=
-----END CERTIFICATE-----
An attempt to verify on the LDAP server is ok...
# openssl verify -CAfile /var/lib/ldap/cacert.pem -purpose sslserver
/var/lib/ldap/servercrt.pem
/var/lib/ldap/servercrt.pem: OK
The cacert.pem on the client looks like this:
# pwd
/etc/openldap/cacerts
# ls -l
total 4
-rw-r--r-- 1 root root 1350 Aug 31 14:40 cacert.pem
# openssl x509 -in cacert.pem -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
bb:a4:d8:3d:df:04:83:41
Signature Algorithm: md5WithRSAEncryption
Issuer: CN=UAB CIS Certificate Authority, ST=Alabama,
C=US/[EMAIL PROTECTED], O=UAB CIS Certificate Authority
Validity
Not Before: Mar 13 17:49:53 2006 GMT
Not After : Mar 12 17:49:53 2011 GMT
Subject: CN=UAB CIS Certificate Authority, ST=Alabama,
C=US/[EMAIL PROTECTED], O=UAB CIS Certificate Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:a3:83:b5:b0:a8:8b:4a:14:c7:17:71:74:4a:e1:
da:1f:bd:d8:5d:a5:d9:30:ce:34:f4:76:78:92:89:
ea:40:2c:e5:b0:f5:fb:aa:a0:78:47:51:81:b3:b6:
a1:20:a5:49:64:d7:ac:31:aa:6e:3b:8d:57:c0:94:
f4:ee:ef:47:c8:0e:3d:59:5b:28:bc:4d:60:2d:af:
1a:f8:ab:c4:d0:76:ab:36:1e:97:ec:23:db:4c:56:
9f:51:c6:77:46:9b:ac:ab:21:83:17:97:31:b7:e0:
b5:0c:a0:3f:f1:14:94:51:cd:50:c2:80:5f:48:74:
47:72:68:f0:0b:2f:1c:0d:7b:50:73:27:3b:71:80:
ba:85:02:3e:02:c2:f3:fe:dd:7e:af:16:8e:f0:68:
24:c7:6f:16:5f:a7:fc:9f:77:12:12:e9:5e:5c:1c:
90:cb:60:5c:73:6d:c0:48:94:05:cd:01:d3:74:32:
d6:e5:15:5f:e9:ac:2e:56:a5:63:9c:fb:0a:e1:1d:
d5:9c:0b:9e:fa:da:99:48:ac:87:73:d4:4d:ec:3b:
df:b0:82:02:50:7b:9f:05:97:b9:96:87:38:d2:49:
54:66:c3:1c:21:67:60:50:7f:3f:6a:c8:8e:18:62:
d9:e6:21:aa:fe:ef:e8:da:9b:ec:ab:b9:39:ae:1f:
39:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
16:98:bc:a3:b6:77:76:22:43:47:93:7c:3e:fa:b8:f5:97:89:
d3:8a:59:9a:1f:bf:dc:6c:5b:9d:53:77:b4:5a:e7:e0:4d:f8:
5d:7f:37:dd:6e:3d:1a:ca:38:f9:e0:c2:dd:37:91:76:08:f3:
b9:9b:47:67:cb:ca:42:9f:d4:e0:e6:ab:57:0c:1f:23:5f:ab:
80:02:92:29:29:d7:39:47:f2:59:ac:ca:77:d8:38:8f:24:61:
40:ba:fb:b7:0f:c3:47:98:1c:33:57:ab:b7:0a:7f:46:df:89:
1e:9e:cc:90:49:a2:cb:bc:5e:8b:9d:29:04:6c:85:8b:62:83:
3a:44:a5:18:02:71:04:96:9a:8a:d0:47:7f:41:bc:1a:e2:bc:
7f:9d:f3:3f:e5:ff:84:11:6e:7f:6d:56:40:c9:ec:35:0c:c4:
1b:6a:29:df:d9:97:70:50:60:86:46:5a:11:45:ef:5f:84:62:
36:fd:26:b3:ef:20:22:26:92:a0:72:22:62:24:b3:c0:42:d5:
09:15:29:38:2e:19:97:5a:08:7e:7b:1e:3b:92:4e:23:91:b5:
c4:85:70:73:ad:2a:07:c3:8e:7a:08:cc:db:37:2d:f3:34:61:
62:df:e3:e7:23:61:aa:4f:30:39:5e:f9:bf:f2:e4:8a:71:fd:
88:91:d6:cb
-----BEGIN CERTIFICATE-----
MIIDuTCCAqGgAwIBAgIJALuk2D3fBINBMA0GCSqGSIb3DQEBBAUAMIGSMSYwJAYD
VQQDEx1VQUIgQ0lTIENlcnRpZmljYXRlIEF1dGhvcml0eTEQMA4GA1UECBMHQWxh
YmFtYTELMAkGA1UEBhMCVVMxITAfBgkqhkiG9w0BCQEWEnN5c2FkbUBjaXMudWFi
LmVkdTEmMCQGA1UEChMdVUFCIENJUyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcN
MDYwMzEzMTc0OTUzWhcNMTEwMzEyMTc0OTUzWjCBkjEmMCQGA1UEAxMdVUFCIENJ
UyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEDAOBgNVBAgTB0FsYWJhbWExCzAJBgNV
BAYTAlVTMSEwHwYJKoZIhvcNAQkBFhJzeXNhZG1AY2lzLnVhYi5lZHUxJjAkBgNV
BAoTHVVBQiBDSVMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAo4O1sKiLShTHF3F0SuHaH73YXaXZMM409HZ4konq
QCzlsPX7qqB4R1GBs7ahIKVJZNesMapuO41XwJT07u9HyA49WVsovE1gLa8a+KvE
0HarNh6X7CPbTFafUcZ3RpusqyGDF5cxt+C1DKA/8RSUUc1QwoBfSHRHcmjwCy8c
DXtQcyc7cYC6hQI+AsLz/t1+rxaO8Ggkx28WX6f8n3cSEuleXByQy2Bcc23ASJQF
zQHTdDLW5RVf6awuVqVjnPsK4R3VnAue+tqZSKyHc9RN7DvfsIICUHufBZe5loc4
0klUZsMcIWdgUH8/asiOGGLZ5iGq/u/o2pvsq7k5rh85hwIDAQABoxAwDjAMBgNV
HRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4IBAQAWmLyjtnd2IkNHk3w++rj1l4nT
ilmaH7/cbFudU3e0WufgTfhdfzfdbj0ayjj54MLdN5F2CPO5m0dny8pCn9Tg5qtX
DB8jX6uAApIpKdc5R/JZrMp32DiPJGFAuvu3D8NHmBwzV6u3Cn9G34kensyQSaLL
vF6LnSkEbIWLYoM6RKUYAnEElpqK0Ed/Qbwa4rx/nfM/5f+EEW5/bVZAyew1DMQb
ainf2ZdwUGCGRloRRe9fhGI2/Saz7yAiJpKgciJiJLPAQtUJFSk4LhmXWgh+ex47
kk4jkbXEhXBzrSoHw456CMzbNy3zNGFi3+PnI2GqTzA5Xvm/8uSKcf2IkdbL
-----END CERTIFICATE-----
The client has in /etc/openldap/ldap.conf:
tls_reqcert try
TLS_CACERTDIR /etc/openldap/cacerts
It looks like everything is in order. An strace of the ldapsearch
command shows this:
[SNIP]
open("/etc/openldap/cacerts",
O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 4
fstat64(4, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
fcntl64(4, F_SETFD, FD_CLOEXEC) = 0
getdents64(4, /* 3 entries */, 4096) = 80
open("/etc/openldap/cacerts/.", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb7f4b000
read(5, 0xb7f4b000, 4096) = -1 EISDIR (Is a directory)
close(5) = 0
munmap(0xb7f4b000, 4096) = 0
open("/etc/openldap/cacerts/cacert.pem", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFREG|0644, st_size=1350, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb7f4b000
read(5, "-----BEGIN CERTIFICATE-----\nMIID"..., 4096) = 1350
read(5, "", 4096) = 0
close(5) = 0
munmap(0xb7f4b000, 4096) = 0
open("/etc/openldap/cacerts/..", O_RDONLY) = 5
fstat64(5, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb7f4b000
read(5, 0xb7f4b000, 4096) = -1 EISDIR (Is a directory)
close(5) = 0
munmap(0xb7f4b000, 4096) = 0
getdents64(4, /* 0 entries */, 4096) = 0
close(4) = 0
time(NULL) = 1157053620
open("/dev/urandom", O_RDONLY|O_NONBLOCK|O_NOCTTY) = 4
select(5, [4], NULL, NULL, {0, 10000}) = 1 (in [4], left {0, 10000})
read(4, "\30\227\"!*\360\313\202\214\243 \231\35\33F\270!j\2139"..., 32)
= 32
close(4) = 0
getuid32() = 0
time(NULL) = 1157053620
write(3, "\200\214\1\3\1\0c\0\0\0 \0\0009\0\0008\0\0005\0\0\26\0"...,
142) = 142
read(3, "\26\3\1\0J\2\0", 7) = 7
time(NULL) = 1157053620
time(NULL) = 1157053620
read(3, "\0F\3\1D\367<[EMAIL PROTECTED] \6"..., 72)
= 72
read(3, "\26\3\1\7\24", 5) = 5
read(3, "\v\0\7\20\0\7\r\0\3J0\202\3F0\202\2.\240\3\2\1\2\2\1\005"...,
1812) = 1812
stat64("/etc/openldap/cacerts/df5d8168.0", 0xbff76e5c) = -1 ENOENT (No
such file or directory)
stat64("/usr/share/ssl/certs/df5d8168.0", 0xbff76e5c) = -1 ENOENT (No
such file or directory)
write(3, "\25\3\1\0\2\0020", 7) = 7
write(2, "ldap_start_tls: Connect error (9"..., 35) = 35
write(2, "\tadditional info: error:14090086"..., 100) = 100
time(NULL) = 1157053620
write(3, "0\f\2\1\2`\7\2\1\3\4\0\200\0", 14) = 14
select(1024, [3], [], NULL, NULL) = 1 (in [3])
read(3, "\26\3\1\0\4\16\0\0", 8) = 8
write(2, "ldap_bind: Can\'t contact LDAP se"..., 42) = 42
write(2, "\tadditional info: error:14090086"..., 100) = 100
exit_group(1) = ?
Any idea what I missed? I'm guessing it is something simple. The
server and client are both Fedora Core 4.
Thanks,
Fran
--
Fran Fabrizio
Senior Systems Analyst
Department of Computer and Information Sciences
University of Alabama at Birmingham
http://www.cis.uab.edu/
205.934.0653
---
You are currently subscribed to [email protected] as: [EMAIL PROTECTED]
To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the
SUBJECT of the message.