----- Original Message Follows -----
From: [EMAIL PROTECTED]
To: [email protected]
Subject: [ldap] Fighting with TLS since last 2 days; need ur help please
Date: Tue, 06 Mar 2007 01:05:59 -0800

> Dear list,
>
> I have been fighting with TLS authentication for LDAP
> for the last two days and after getting no success I'm
> writing this mail in hope to

Dear list,

I have finally solved the problem. I have opened the ldaps like

/usr/lib/openldap/slapd -h ldaps://0.0.0.0:636/ -d 1

and then checked with *openssl s_client -connect localhost:636 -showcerts* and it shows the certificate :-)

but in debug mode there is still an error like

*connection_read(12): unable to get TLS client DN, error=49 id=0*

so what may be the problem here? Moreover, the ldap clients can't bind with the ldap even after defining the port 636 in the client.

thanks

> get some help. I'm using openldap and I have already done
> some R&D and here I'm giving the details of the work so
> far.
>
> 1> I have generated a self-signed certificate with the
> command
> # openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 365
>
> 2> I have modified the /etc/openldap/slapd.conf like
> TLSCertificateFile /etc/ssl/server.pem
> TLSCertificateKeyFile /etc/ssl/server.pem
> TLSCACertificateFile /etc/ssl/server.pem
>
> 3> Now I started slapd in debug mode like "slapd
> -d 255"
>
> I can see that LDAP has opened a port at 389
> (using nmap command in linux)
>
> 4> "ldapsearch -h localhost -p 389 -x -b "" -s base -LLL -ZZ supportedSASLMechanisms" shows
> dn:
> supportedSASLMechanisms: CRAM-MD5
> supportedSASLMechanisms: DIGEST-MD5
>
> 5> now "openssl s_client -connect localhost:389 -showcerts -state -CAfile /etc/ssl/joydeep/joy/server.pem"
>
> shows
>
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> 24910:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
>
> 6> the message from "slapd -d 255" is
> ber_get_next on fd 14 failed errno=34 (Numerical result out of range)
>
> I have read some tutorials from the net and configured
> accordingly but still have the same *ssl handshake failure*
> error.
>
> I really need some help to solve this. Could anyone
> kindly show me the way?
> thanks.
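The two checks in the quoted message open the port 389 connection differently: `ldapsearch -ZZ` (step 4) sends an LDAP StartTLS request before any TLS, while `openssl s_client -connect localhost:389` (step 5) sends a TLS hello straight away. The Python below is an added example, not part of the original thread; the hello bytes are constructed samples, and `classify_first_bytes` and `listener_accepts` are hypothetical helpers giving a simplified model of what each listener type expects first.

```python
# Added example (not from the original thread). Sample hello bytes are constructed.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

def ber_len(n):
    """Encode a BER definite length (short or long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value

def starttls_request(message_id=1):
    """What `ldapsearch -ZZ` sends first: LDAPMessage{messageID, ExtendedRequest}."""
    if not 0 <= message_id <= 127:  # keep the INTEGER to one byte in this sketch
        raise ValueError("message_id must fit in one byte")
    ext = tlv(0x77, tlv(0x80, STARTTLS_OID))  # [APPLICATION 23] { [0] requestName }
    return tlv(0x30, tlv(0x02, bytes([message_id])) + ext)

def classify_first_bytes(data):
    """Hypothetical helper: name the protocol from a connection's first bytes."""
    if len(data) < 3:
        return "too-short"
    if data[0] == 0x30:
        return "ldap-message"          # BER SEQUENCE: an LDAPMessage
    if data[0] == 0x16 and data[1] == 0x03:
        return "tls-record"            # TLS handshake record, version 3.x
    if data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"    # SSLv2-compatible hello, as in step 5's trace
    return "unknown"

def listener_accepts(scheme, data):
    """Simplified model: ldap:// wants an LDAPMessage first, ldaps:// wants TLS first."""
    kind = classify_first_bytes(data)
    if scheme == "ldap":
        return kind == "ldap-message"
    if scheme == "ldaps":
        return kind in ("tls-record", "sslv2-client-hello")
    raise ValueError("unknown scheme: " + scheme)

# Constructed samples: the opening bytes of a TLS and an SSLv2-style ClientHello.
TLS_HELLO = bytes.fromhex("16030100c8010000c40303")
SSLV2_HELLO = bytes.fromhex("807a01030100510000")

if __name__ == "__main__":
    for name, data in (("StartTLS request", starttls_request()),
                       ("TLS hello", TLS_HELLO), ("SSLv2 hello", SSLV2_HELLO)):
        print(name, "-> ldap://", listener_accepts("ldap", data),
              "ldaps://", listener_accepts("ldaps", data))
```

For a like-for-like check of a port 389 listener, `openssl s_client` has a `-starttls ldap` option in OpenSSL releases that support it.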
