----- Original Message Follows -----
From: Hallvard B Furuseth <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [email protected]
Subject: Re: [ldap] TLS negotiation failure
Date: Tue, 6 Mar 2007 13:50:25 +0100

> [EMAIL PROTECTED] writes:
> > I have a running ldap with TLS support.  I have checked
> > the certificate at port 636 with the openssl command and
> > it is working well.  Now in my php-ldap-admin I have
> > also set the port to 636 but it can't bind with the ldap
> > now. I have checked the log and it shows *TLS
> > negotiation failure*
> 
> My guess: You are trying to speak the LDAP protocol to
> port 636.  Don't. Either use StartTLS against port 389
> (with the LDAP protocol and maybe an 'ldap:' URL), or use
> an 'ldaps:' URL against port 636.
> 
> Port 389 expects the LDAP protocol, and StartTLS is an
> LDAP operation sent over this protocol which makes the
> connection switch to TLS.
> 
> Port 636 expects the TLS protocol and LDAP inside that -
> i.e. the 'ldaps' protocol, as if StartTLS had already been
> sent.
> 
> A client should deduce the default port number from the
> protocol (ldap or ldaps), not the protocol from the port
> number.
> 
Thanks Hallvard. I have started ldaps like *slapd -h
ldaps://0.0.0.0:636/ -d 1*, so ldaps is on port 636.

Here is the config.php of php-ldap-admin:

=================================================
<?php

//$config->custom->debug['level'] = 255;
//$config->custom->debug['file'] = '/tmp/pla_debug.log';

/*********************************************/
/* Define your LDAP servers in this section  */
/*********************************************/

$i=0;
$ldapservers = new LDAPServers;
$ldapservers->SetValue($i,'server','name','Linux LDAP');
$ldapservers->SetValue($i,'server','host','127.0.0.1');
$ldapservers->SetValue($i,'server','port','636');
$ldapservers->SetValue($i,'server','base',array('dc=kolkatainfoservices,dc=in'));
$ldapservers->SetValue($i,'server','auth_type','config');
$ldapservers->SetValue($i,'login','dn','cn=Manager,dc=kolkatainfoservices,dc=in');
$ldapservers->SetValue($i,'login','pass','secret');
$ldapservers->SetValue($i,'server','tls',true);

?>
===============================================================

Notice here the port I have set to 636 and tls is true, BUT
still no success. Then I also checked with tls false and no
success :-(
Do you think I also need to tweak the /etc/lda.conf?

Thanks and have a nice time.
> -- 
> Regards,
> Hallvard
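
The mismatch guessed at in the reply above, shown at the byte level as an added example (not code from the thread or from php-ldap-admin): an ldaps listener expects a TLS handshake record first, while an LDAP client, whether it sends StartTLS or a bind, opens with a BER-encoded LDAPMessage. The function names and the ClientHello prefix are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS request name (RFC 4511)
# Constructed sample: start of a TLS record carrying a ClientHello.
TLS_CLIENT_HELLO_PREFIX = bytes.fromhex("16030100c801")

def ber(tag, body):
    """Encode one BER TLV, short-form length only (body under 128 bytes)."""
    if len(body) >= 128:
        raise ValueError("long-form lengths not needed here")
    return bytes([tag, len(body)]) + body

def starttls_request(message_id=1):
    """LDAPMessage { messageID, [APPLICATION 23] ExtendedRequest { [0] OID } }."""
    op = ber(0x77, ber(0x80, STARTTLS_OID))
    return ber(0x30, ber(0x02, bytes([message_id])) + op)

def classify(data):
    """Guess the protocol from the first bytes seen on a connection."""
    if data[:2] == b"\x16\x03":
        return "tls"   # handshake record, SSL3/TLS major version
    if data[:1] == b"\x30":
        return "ldap"  # BER SEQUENCE, i.e. an LDAPMessage
    return "unknown"

def endpoint(url):
    """Return (scheme, port), taking the default port from the scheme."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORT:
        raise ValueError("expected an ldap: or ldaps: URL")
    return parts.scheme, parts.port or DEFAULT_PORT[parts.scheme]

def diagnose(listener_url, client_url, starttls):
    """Compare what the client sends first with what the listener expects."""
    l_scheme, l_port = endpoint(listener_url)
    c_scheme, c_port = endpoint(client_url)
    if c_port != l_port:
        return "no listener on that port"
    if c_scheme == "ldaps" and starttls:
        return "misconfigured: StartTLS inside ldaps (TLS is already up)"
    # Any LDAPMessage (StartTLS or bind) starts with 0x30; StartTLS stands in here.
    first = TLS_CLIENT_HELLO_PREFIX if c_scheme == "ldaps" else starttls_request()
    expects = "tls" if l_scheme == "ldaps" else "ldap"
    sent = classify(first)
    if sent != expects:
        return f"mismatch: client sends {sent}, listener expects {expects}"
    return "ok"
```

With the listener from this thread, `diagnose("ldaps://0.0.0.0:636/", "ldap://127.0.0.1:636", True)` reports the mismatch, and an `ldaps://127.0.0.1` client URL with no explicit port resolves to 636 and matches.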
