Dear list,

I have been fighting with TLS authentication for LDAP for the
last two days, and after getting no success I'm writing this
mail in the hope of getting some help. I'm using openldap and I
have already done some R&D, and here I'm giving the details of
the work so far.

1>  I have generated a self-signed certificate with the command

        # openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 365

2>  I have modified the /etc/openldap/slapd.conf like

        TLSCertificateFile      /etc/ssl/server.pem
        TLSCertificateKeyFile   /etc/ssl/server.pem
        TLSCACertificateFile    /etc/ssl/server.pem

3>  Now I started slapd in debug mode like "slapd -d 255"

    I can see that LDAP has opened a port at 389 (using nmap
    command in linux)

4>  "ldapsearch -h localhost -p 389 -x -b "" -s base -LLL -ZZ supportedSASLMechanisms" shows

        dn:
        supportedSASLMechanisms: CRAM-MD5
        supportedSASLMechanisms: DIGEST-MD5

5>  now "openssl s_client -connect localhost:389 -showcerts -state -CAfile /etc/ssl/joydeep/joy/server.pem" shows

CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
24910:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

6>  the message from "slapd -d 255" is

        ber_get_next on fd 14 failed errno=34 (Numerical result out of range)

I have read some tutorials from the net and configured
accordingly but still have the same *ssl handshake failure*
error.

I really need some help to solve this. Could anyone kindly
show me the way?
Thanks.