Hi All
Well, I have now received two new certificates back, one for the CA and
one for the server, and have got further.
I have the following in my config:
#REFERRALS off
TLS_REQCERT demand
TLS_CACERT /usr/local/etc/openldap/certs/CACert.pem
TLS_CERT /usr/local/etc/openldap/certs/eLearningCert.pem
--------------------------------------------------------------------------------------------------------
The client certificate has the following settings:
# openssl x509 -noout -subject -issuer -startdate -enddate -purpose -in eLearningCert.pem
subject= /C=AU/ST=NSW/O=Client Name/OU=ADLDS/CN=hostname.xx.yy.zz
issuer= /C=AU/ST=NSW/O=Client Name/OU=ADLDS/CN=hostname.xx.yy.zz
notBefore=Mar 30 03:36:03 2012 GMT
notAfter=Mar 29 03:36:03 2017 GMT
Certificate purposes:
SSL client : Yes
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : Yes
S/MIME signing CA : No
S/MIME encryption : Yes
S/MIME encryption CA : No
CRL signing : Yes
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No
----------------------------------------------------
... and the server cert now lets me do an openssl -connect:
# openssl s_client -connect hostname.xx.yy.zz:636 -CAfile ./CACert.pem
<snip>
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES128-SHA
Session-ID:
883200003EFF4BCF9270B58E6011F5D663F8080F807272CD666E3F30B0784693
Session-ID-ctx:
Master-Key:
6940544B57F53FF74AF141AF324683BDBD5591FDFB68C72CCD78CC2B7C5C5B1D11C54F474925E26ED7310A92E3684D4F
Key-Arg : None
Start Time: 1333338906
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
--------------------------------------------------------------------------------------------------------------------------
but... for some reason ldapwhoami still won't work.
# ldapwhoami -x -D "[email protected]" -H "ldaps://hostname.xx.yy.zz" -w #PassWord -d1
ldap_url_parse_ext(ldaps://hostname.xx.yy.zz)
ldap_create
ldap_url_parse_ext(ldaps://hostname.xx.yy.zz:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP hostame.xx.yy.zz:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.0.1:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0,
subject: /C=AU/ST=NSW/O=Company Name/OU=ADLDS/CN=hostname.xx.yy.zz,
issuer: /C=AU/ST=NSW/O=Company Name/OU=ADLDS/CN=hostname.xx.yy.zz
TLS certificate verification: depth: 0, err: 0,
subject: /C=AU/ST=NSW/O=Essential Energy/OU=ADLDS/CN=hostname.xx.yy.zz,
issuer: /C=AU/ST=NSW/O=Company Name/OU=ADLDS/CN=hostname.x.yy.zz
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 60 bytes to sd 3
ldap_result ld 0x28422040 msgid 1
wait4msg ld 0x28422040 msgid 1 (infinite timeout)
wait4msg continue ld 0x28422040 msgid 1 all 1
** ld 0x28422040 Connections:
* host: hostname.xx.yy.zz port: 636 (default)
refcnt: 2 status: Connected
last used: Mon Apr 2 14:02:46 2012
** ld 0x28422040 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x28422040 request count 1 (abandoned 0)
** ld 0x28422040 Response Queue:
Empty
ld 0x28422040 response count 0
ldap_chkResponseList ld 0x28422040 msgid 1 all 1
ldap_chkResponseList returns ld 0x28422040 NULL
ldap_int_select
read1msg: ld 0x28422040 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 105 contents:
read1msg: ld 0x28422040 msgid 1 message type bind
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x28422040 0 new referrals
read1msg: mark request completed, ld 0x28422040 msgid 1
request done: ld 0x28422040 msgid 1
res_errno: 49, res_error: <8009030C: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 2030, v1db1>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_err2string
ldap_bind: Invalid credentials (49)
additional info: 8009030C: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 2030, v1db1
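A small triage helper, added here as an example and not part of the original post or of OpenLDAP, that reads an `ldapwhoami -d1` trace like the one above and answers the question the trace raises: did the failure happen in TLS certificate verification, or only later at the LDAP bind? It scans the `TLS certificate verification: depth: N, err: N` lines and the `res_errno` / `res_error` block; the sample trace embedded below is re-typed from the post, and the two lookup tables hold well-known OpenSSL `X509_V_ERR_*` numbers and Active Directory `AcceptSecurityContext ... data` sub-codes (the `2030` value in the post is not in that table, so it is reported as unmapped rather than guessed at). The line format is assumed to be exactly as printed by the OpenLDAP client library in the post.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed sample: the relevant lines of the post's ldapwhoami -d1 trace.
SAMPLE_TRACE = """\
ldap_connect_to_host: Trying 192.168.0.1:636
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0,
subject: /C=AU/ST=NSW/O=Company Name/OU=ADLDS/CN=hostname.xx.yy.zz,
issuer: /C=AU/ST=NSW/O=Company Name/OU=ADLDS/CN=hostname.xx.yy.zz
TLS certificate verification: depth: 0, err: 0,
subject: /C=AU/ST=NSW/O=Essential Energy/OU=ADLDS/CN=hostname.xx.yy.zz,
issuer: /C=AU/ST=NSW/O=Company Name/OU=ADLDS/CN=hostname.x.yy.zz
TLS trace: SSL_connect:SSLv3 read finished A
ldap_open_defconn: successful
res_errno: 49, res_error: <8009030C: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 2030, v1db1>, res_matched: <>
ldap_bind: Invalid credentials (49)
"""

# OpenSSL X509_V_ERR_* values that most often appear in "err: N" lines.
TLS_VERIFY_ERRORS = {
    0: "ok",
    10: "certificate has expired",
    18: "self-signed certificate at depth 0",
    19: "self-signed certificate in chain (CA not in TLS_CACERT)",
    20: "unable to get local issuer certificate",
    62: "hostname mismatch",
}

# Active Directory "AcceptSecurityContext error, data NNN" sub-codes (hex).
AD_BIND_DATA_CODES = {
    "525": "user not found",
    "52e": "invalid credentials (bad password)",
    "530": "not permitted to log on at this time",
    "531": "not permitted to log on at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

TLS_LINE = re.compile(r"TLS certificate verification: depth: (\d+), err: (\d+)")
RESULT_RE = re.compile(r"res_errno: (\d+), res_error: <(.*?)>", re.S)
DATA_RE = re.compile(r"\bdata ([0-9A-Fa-f]+)")
HOST_RE = re.compile(r"ldap_connect_to_host: Trying ([\d.]+):(\d+)")


@dataclass
class BindDiagnosis:
    peer: Optional[str] = None
    tls_errors: Dict[int, int] = field(default_factory=dict)  # depth -> err
    result_code: Optional[int] = None
    ad_data_code: Optional[str] = None

    def layer(self) -> str:
        """Which layer failed: tls-verify, bind, ok, or no-result."""
        if any(err != 0 for err in self.tls_errors.values()):
            return "tls-verify"
        if self.result_code is None:
            return "no-result"
        return "ok" if self.result_code == 0 else "bind"

    def summary(self) -> str:
        layer = self.layer()
        if layer == "tls-verify":
            depth, err = next((d, e) for d, e in sorted(self.tls_errors.items()) if e)
            why = TLS_VERIFY_ERRORS.get(err, "see verify(1) for this code")
            return f"TLS verification failed at depth {depth}: err {err} ({why})"
        if layer == "bind":
            why = AD_BIND_DATA_CODES.get(self.ad_data_code or "", "unmapped; check server-side logs")
            return (f"TLS OK at all depths; LDAP bind failed with resultCode "
                    f"{self.result_code}, AD data {self.ad_data_code} ({why})")
        return f"layer={layer}, peer={self.peer}"


def parse_trace(text: str) -> BindDiagnosis:
    """Extract peer, per-depth TLS verify results and the bind result."""
    diag = BindDiagnosis()
    m = HOST_RE.search(text)
    if m:
        diag.peer = f"{m.group(1)}:{m.group(2)}"
    for depth, err in TLS_LINE.findall(text):
        diag.tls_errors[int(depth)] = int(err)
    m = RESULT_RE.search(text)
    if m:
        diag.result_code = int(m.group(1))
        dm = DATA_RE.search(m.group(2))  # res_error spans two lines in the trace
        if dm:
            diag.ad_data_code = dm.group(1).lower()
    return diag


if __name__ == "__main__":
    print(parse_trace(SAMPLE_TRACE).summary())
```

Run against the post's trace it reports that both verification depths returned err 0 and that the failure is resultCode 49 at the bind, i.e. the certificate work is done and the remaining problem is in the bind itself; the same script pointed at a trace with a non-zero `err:` value reports the TLS depth and OpenSSL reason instead.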