On Fri, May 20, 2011 at 8:40 AM, David Dumortier <[email protected]> wrote:
>> With what command-line arguments/options (specifically, what values provided
>> to -h option)?
>
> cat /etc/default/slapd :
> SLAPD_SERVICES="ldapi:/// ldaps:///"
>

This enables only the SSL port (636); TLS on 389 isn't available.

>> Before doing this, did you verify that slapd is actually listening for ldaps
>> on port 636?
>>
>> I suspect you are running ldap:// on port 636.
>
> ldapsearch -W -H ldap://myip:636/
> ldap_result: Can't contact LDAP server (-1)
>

No, -H ldaps://myip:636/ (to SSL/ldaps).

> ldapsearch -W -H ldaps://myip/
> TLS: can't connect: Error in the push function..
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>

No, this will connect on default port 389 with SSL/ldaps, which isn't what you want.

> ldapsearch -ZZW -H ldaps://myip/
> TLS: can't connect: Error in the push function..
> ldap_start_tls: Can't contact LDAP server (-1)
> additional info: Error in the push function.
>

No, you need to choose TLS (-Z) or SSL (-H ldaps://...), not both.

--
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net

"While not fully understand a software, don't try to adapt this software to
the way you work, but rather yourself to the way the software works" (myself)
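An added example, not part of the original message: a small pre-flight check that compares an `ldapsearch` target (`-H` URI plus whether `-Z`/`-ZZ` is given) against the `SLAPD_SERVICES` value quoted in the thread. The function names are hypothetical, the ports 389 for `ldap://` and 636 for `ldaps://` are the standard defaults, and listeners are assumed to bind all addresses; certificate problems are outside its scope.

```python
from urllib.parse import urlsplit

# Standard default ports; ldapi:// is a Unix socket and has no port.
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def listeners(slapd_services):
    """Turn a SLAPD_SERVICES value into a set of (scheme, port) pairs."""
    served = set()
    for uri in slapd_services.split():
        u = urlsplit(uri)
        served.add((u.scheme, u.port or DEFAULT_PORT.get(u.scheme)))
    return served

def check_client(slapd_services, uri, starttls=False):
    """Return a list of transport problems for one client invocation.

    uri      -- value passed to ldapsearch -H
    starttls -- True when -Z or -ZZ is on the command line
    """
    u = urlsplit(uri)
    port = u.port or DEFAULT_PORT.get(u.scheme)
    served = listeners(slapd_services)
    problems = []
    if u.scheme == "ldaps" and starttls:
        problems.append("StartTLS (-Z) requested on an ldaps:// URI; pick one")
    if (u.scheme, port) not in served:
        same_port = [s for s, p in served if p == port and s != "ldapi"]
        if same_port:
            problems.append(f"port {port} speaks {same_port[0]}://, not {u.scheme}://")
        else:
            problems.append(f"no listener on port {port}")
    return problems

if __name__ == "__main__":
    services = "ldapi:/// ldaps:///"          # value from the thread
    cases = [                                  # invocations discussed in the thread
        ("ldap://myip:636/", False),
        ("ldaps://myip/", True),
        ("ldap://myip/", True),                # StartTLS on 389
        ("ldaps://myip:636/", False),
    ]
    for uri, z in cases:
        print(uri, "-Z" if z else "", check_client(services, uri, z) or "ok")
```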
