On Sun, 2006-04-02 at 12:55 -0700, Howard Chu wrote:
> Robert Fitzpatrick wrote:
> > I posted this a week or more ago, but had to leave town and not able to
> > follow up.
>
> Like I said in my last reply, show us the debug output from the failed
> client. I.e., run the client with -d7. Posting the same information
> twice is just wasting our time.

Sorry, don't remember you mentioning the -d7 option, I guess 'man
ldapsearch' would have helped, huh. Anyway, I thought you were talking
about the debug log.... Running with the debug option it is obvious the
cert the command is trying to use is not correct...

genoa# ldapsearch -xZZ -d7 -h directory.webtent.net -b "dc=webtent,dc=net" "(uid=robert)" mail
ldap_create
ldap_url_parse_ext(ldap://directory.webtent.net)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP directory.webtent.net:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 208.38.145.3:389
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 31 bytes to sd 3
  0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1
  0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037
ldap_write: want=31, written=31
  0000:  30 1d 02 01 01 77 18 80  16 31 2e 33 2e 36 2e 31   0....w...1.3.6.1
  0010:  2e 34 2e 31 2e 31 34 36  36 2e 32 30 30 33 37      .4.1.1466.20037
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: directory.webtent.net  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Sun Apr  9 13:52:24 2006

** Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
** Response Queue:
   Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ldap_read: want=8, got=8
  0000:  30 0c 02 01 01 78 07 0a                            0....x..
ldap_read: want=6, got=6
  0000:  01 00 04 00 04 00                                  ......
ber_get_next: tag 0x30 len 12 contents:
ldap_read: message type extended-result msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
read1msg: 0 new referrals
read1msg:  mark request completed, id = 1
request 1 done
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_extended_result
ber_scanf fmt ({iaa) ber:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
TLS: could not use key file `/home/robert/certs/webtent.org-key.pem'.
TLS: error:02001002:system library:fopen:No such file or directory bss_file.c:349
TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:351
TLS: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib ssl_rsa.c:648
ldap_perror
ldap_start_tls: Connect error (-11)
genoa#

The thing I cannot figure out is where it is getting this from, I have
checked /etc/ldap.conf, which is a symlink to /usr/local/etc/ldap.conf
and even my nss_ldap.conf. I did 'grep -r webtent.org-key.pem' on both of
these etc directories and nothing. There is no folder /home/robert/certs
at all. Where is this coming from?

--
Robert
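The -d7 trace above pins the failure to SSL_CTX_use_PrivateKey_file failing fopen() on the key path, so the remaining question is which configuration source handed the library that TLS_KEY value. As an added example, not part of this thread and not an OpenLDAP tool, the POSIX shell script below walks the files an OpenLDAP client consults according to ldap.conf(5) (the system-wide ldap.conf, then ldaprc and .ldaprc in the home directory and the current directory, plus the LDAPCONF and LDAPRC environment variables, with LDAPTLS_CACERT/LDAPTLS_CERT/LDAPTLS_KEY overriding everything) and reports every TLS_CACERT, TLS_CERT or TLS_KEY directive whose file does not exist. The default system-wide path (/usr/local/etc/openldap/ldap.conf, a FreeBSD-style location) is an assumption; the ldaprc the demonstration writes into a scratch directory is constructed.

```shell
#!/bin/sh
# Added example (not from the original thread): locate the OpenLDAP client
# config sources that set TLS_* directives and verify the referenced files.
# Lookup order assumed from ldap.conf(5): system-wide ldap.conf, then
# $HOME/ldaprc, $HOME/.ldaprc, ./ldaprc, plus LDAPCONF / LDAPRC additions
# and LDAPTLS_* environment overrides.

# Print the candidate config files in the order the library consults them.
# $1 is the system-wide file; the default path is an assumption.
ldap_client_config_candidates() {
    printf '%s\n' "${1:-/usr/local/etc/openldap/ldap.conf}"
    if [ -n "${LDAPCONF:-}" ]; then printf '%s\n' "$LDAPCONF"; fi
    printf '%s\n' "$HOME/ldaprc" "$HOME/.ldaprc" "./ldaprc"
    if [ -n "${LDAPRC:-}" ]; then
        printf '%s\n' "$HOME/$LDAPRC" "$HOME/.$LDAPRC" "./$LDAPRC"
    fi
}

# Scan one config file for TLS_CACERT / TLS_CERT / TLS_KEY and report whether
# each referenced path exists. One line per directive:
#   ok      TLS_KEY    /path (from file)
#   MISSING TLS_KEY    /path (from file)
# Always returns 0 so it composes under 'set -e'; callers count MISSING lines.
ldap_tls_check_file() {
    cfg="$1"
    [ -f "$cfg" ] || return 0
    while read -r key value; do
        key=$(printf '%s' "$key" | tr 'a-z' 'A-Z')   # directives are case-insensitive
        case "$key" in
            TLS_CACERT|TLS_CERT|TLS_KEY)
                if [ -e "$value" ]; then
                    printf 'ok      %-10s %s (from %s)\n' "$key" "$value" "$cfg"
                else
                    printf 'MISSING %-10s %s (from %s)\n' "$key" "$value" "$cfg"
                fi
                ;;
        esac
    done < "$cfg"
    return 0
}

# Environment overrides win over every file, so report them the same way.
ldap_tls_check_env() {
    for var in LDAPTLS_CACERT LDAPTLS_CERT LDAPTLS_KEY; do
        eval "val=\${$var:-}"
        [ -n "$val" ] || continue
        if [ -e "$val" ]; then
            printf 'ok      %-10s %s (from env %s)\n' "${var#LDAP}" "$val" "$var"
        else
            printf 'MISSING %-10s %s (from env %s)\n' "${var#LDAP}" "$val" "$var"
        fi
    done
    return 0
}

# Full audit: every candidate file, then the environment.
# $1 optionally overrides the system-wide ldap.conf path.
ldap_tls_audit() {
    ldap_client_config_candidates "${1:-}" | while read -r cfg; do
        ldap_tls_check_file "$cfg"
    done
    ldap_tls_check_env
}

# Count MISSING findings in an audit's output (0 when every path resolves).
ldap_tls_missing_count() {
    printf '%s\n' "$1" | grep -c '^MISSING' || true
}

# Demonstration on a constructed ldaprc in a scratch directory: the CA file
# is created, the key path is the one from the trace and does not exist.
demo=$(mktemp -d)
: > "$demo/ca.pem"
printf 'TLS_CACERT %s/ca.pem\nTLS_KEY /home/robert/certs/webtent.org-key.pem\n' "$demo" > "$demo/ldaprc"
findings=$(ldap_tls_check_file "$demo/ldaprc")
printf '%s\n' "$findings"
echo "missing=$(ldap_tls_missing_count "$findings")"
rm -rf "$demo"
```

Run `ldap_tls_audit` (optionally with the real system-wide ldap.conf path as its argument) from the same working directory and user account as the failing ldapsearch, since ./ldaprc and $HOME are part of the search; a MISSING line names the file or variable that injected the bad path. The script only reads files and stats paths, so it is safe to run on a production client.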
