Been using iPlanet's Directory Server 4.11 on Solaris 2.8 in SSL mode for quite some time without trouble. I've just installed the new 4.13 Directory Server, have just enabled SSL, and have begun testing.

Here's the odd part. My PerLDAP scripts can connect via SSL to the 4.13 directory just fine, BUT standard applications like IE Explorer, Netscape Navigator, Outlook Address Book, etc. cannot seem to connect securely. Now these are standard applications with built-in trusted certificates, and 4.13 is basically denying access to these clients.

The access log shows the SSL bind attempt and a client timeout; no cipher errors. Client applications perceive it as if the LDAP server doesn't even exist, since they receive no response from the Directory.

# this is me attempting to connect via IE, Netscape, Outlook
[16/May/2001:09:29:48 -0700] conn=0 fd=29 slot=29 SSL connection from 128.32.10.168 to 128.32.25.21
[16/May/2001:09:29:50 -0700] conn=0 op=-1 fd=29 closed error -5961 (TCP connection reset by peer.) - B1
[16/May/2001:09:30:00 -0700] conn=1 fd=29 slot=29 SSL connection from 128.32.10.168 to 128.32.25.21
[16/May/2001:09:30:03 -0700] conn=1 op=-1 fd=29 closed error -5961 (TCP connection reset by peer.) - B1
[16/May/2001:09:30:15 -0700] conn=2 fd=29 slot=29 SSL connection from 128.32.10.168 to 128.32.25.21
[16/May/2001:09:30:17 -0700] conn=2 op=-1 fd=29 closed error -5961 (TCP connection reset by peer.) - B1

# this is me connecting via PerLDAP
[16/May/2001:11:25:55 -0700] conn=3 fd=29 slot=29 SSL connection from 128.32.25.112 to 128.32.25.21
[16/May/2001:11:25:55 -0700] conn=3 SSL 128-bit RC4
[16/May/2001:11:25:55 -0700] conn=3 op=0 BIND dn="" method=128 version=2
[16/May/2001:11:25:55 -0700] conn=3 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[16/May/2001:11:25:55 -0700] conn=3 op=1 SRCH base="ou=people,dc=berkeley,dc=edu" scope=2 filter="(uid=95088)"
[16/May/2001:11:25:55 -0700] conn=3 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[16/May/2001:11:25:55 -0700] conn=3 op=2 UNBIND
[16/May/2001:11:25:55 -0700] conn=3 op=2 fd=29 closed - U1

In the past, I've never had to do anything to allow off-the-shelf applications to connect securely to the directory. Has this changed in 4.13? Has anyone else experienced this? I've been comparing my configurations via LDIF between the 4.11 and 4.13 and can't seem to find any clues to this anomaly.

Any suggestions would be greatly appreciated!

Rob Chevalier
[EMAIL PROTECTED]
University of California, Berkeley
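
Added example, not part of the original post: a Python sketch that groups access-log lines like those quoted above by conn= and lists the connections that closed with no cipher line and no LDAP operation. It assumes the server writes the "SSL <bits> <cipher>" line only once the handshake has completed; the function names are hypothetical and the sample lines are copied from the post's log excerpt.

```python
import re

# Sample lines copied from the access-log excerpt in the post above.
SAMPLE_LOG = """\
[16/May/2001:09:29:48 -0700] conn=0 fd=29 slot=29 SSL connection from 128.32.10.168 to 128.32.25.21
[16/May/2001:09:29:50 -0700] conn=0 op=-1 fd=29 closed error -5961 (TCP connection reset by peer.) - B1
[16/May/2001:11:25:55 -0700] conn=3 fd=29 slot=29 SSL connection from 128.32.25.112 to 128.32.25.21
[16/May/2001:11:25:55 -0700] conn=3 SSL 128-bit RC4
[16/May/2001:11:25:55 -0700] conn=3 op=0 BIND dn="" method=128 version=2
[16/May/2001:11:25:55 -0700] conn=3 op=2 fd=29 closed - U1
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
OPENED = re.compile(r"SSL connection from (\S+) to (\S+)$")
CIPHER = re.compile(r"^SSL (\d+-bit \S+)$")   # assumed: logged after handshake
LDAP_OP = re.compile(r"^op=\d+ ([A-Z]+)\b")   # BIND, SRCH, RESULT, UNBIND ...
CLOSED = re.compile(r"closed(?: error (-?\d+) \(([^)]*)\))? - (\w+)$")


def summarize(log_text):
    """Group access-log lines by conn= and record what each connection did."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # comment lines or anything not in access-log format
        c = conns.setdefault(int(m["conn"]), {
            "client": None, "cipher": None, "ops": [], "error": None, "close": None})
        rest = m["rest"]
        if (o := OPENED.search(rest)):
            c["client"] = o.group(1)
        elif (k := CIPHER.match(rest)):
            c["cipher"] = k.group(1)
        elif (x := CLOSED.search(rest)):
            c["error"], c["close"] = x.group(1), x.group(3)
        elif (p := LDAP_OP.match(rest)):
            c["ops"].append(p.group(1))
    return conns


def failed_handshakes(conns):
    """Connection ids that closed without a cipher line or any LDAP operation."""
    return sorted(n for n, c in conns.items()
                  if c["close"] and c["cipher"] is None and not c["ops"])


if __name__ == "__main__":
    print("closed before handshake:", failed_handshakes(summarize(SAMPLE_LOG)))
```

Grouping the output by client address and close code makes it easier to compare the failing clients against the PerLDAP connection that negotiated a cipher.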
