Are you sure client one (genoa) can get to port 636 on your server? Try getting there with a telnet.
On 4/2/06, Robert Fitzpatrick <[EMAIL PROTECTED]> wrote:
> I posted this a week or more ago, but had to leave town and was not able to
> follow up.
>
> Don't know what I'm doing wrong with this one server, wondering if
> someone could tell me what I am not thinking of...
>
> I have two clients on the same network trying to connect to an off
> network server using TLS. Running the same command on both is successful
> on one and not on the other. So, I copied the ldap.conf file AND the
> cacert.pem file to the problem client with no help. I tried -ZZ and '-H
> ldaps://servername:636/' options; while these work flawlessly from one
> client, the second cannot connect using the exact same command with the
> exact same CA cert and ldap.conf files. Accessing the ldap server
> without TLS works fine on both clients. Clients are FreeBSD 5.4 and
> FreeBSD 6.0 servers with openldap 2.2.30 client port packages installed.
> If the CA cert and ldap.conf have been tested to work OK, what else
> should I be considering when trying to connect via TLS? I get no issues
> in the debug.log of the server or client machine.
>
> From client one:
> genoa# ldapsearch -xZZ -h directory.webtent.net -b "dc=webtent,dc=net"
> "(uid=robert)" mail
> ldap_start_tls: Connect error (-11)
> genoa# ldapsearch -x -H ldaps://directory.webtent.net:636/ -b
> "dc=webtent,dc=net" "(uid=robert)" mail
> ldap_bind: Can't contact LDAP server (-1)
> genoa# ldapsearch -x -h directory.webtent.net -b "dc=webtent,dc=net"
> "(uid=robert)" mail
> # extended LDIF
> #
> # LDAPv3
> # base <dc=webtent,dc=net> with scope sub
> # filter: (uid=robert)
> # requesting: mail
> #
>
> # Robert Fitzpatrick, People, webtent.net
> dn: cn=Robert Fitzpatrick,ou=People,dc=webtent,dc=net
> mail: [EMAIL PROTECTED]
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> From client two:
> esmtp# ldapsearch -x -H ldaps://directory.webtent.net:636/ -b
> "dc=webtent,dc=net" "(uid=robert)" mail
> # extended LDIF
> #
> # LDAPv3
> # base <dc=webtent,dc=net> with scope sub
> # filter: (uid=robert)
> # requesting: mail
> #
>
> # Robert Fitzpatrick, People, webtent.net
> dn: cn=Robert Fitzpatrick,ou=People,dc=webtent,dc=net
> mail: [EMAIL PROTECTED]
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 2
> # numEntries: 1
>
> --
> Robert
>
