> terry.lem...@dell.com wrote:
> >
> > I've followed the instructions in
> > https://www.openldap.org/doc/admin26/quickstart.html to deploy openldap
> > 2.6.4 on a SLES 15 SP4 system. Once I confirmed that this was working
> > correctly, I moved on to configure TLS, following the instructions in
> > https://www.openldap.org/doc/admin26/tls.html. When I try a connection to
> > the LDAPS port (636), I see the following:
> >
> > ldpdd040:~ # openssl s_client -connect ldpdd042.hop.lab.emc.com:636
>
> If you're going to use openssl s_client you also need to tell it which CA
> and/or server certs to trust.
> I'd start with using ldapsearch -d -1 instead.
>
> > CONNECTED(00000003)
> > 139702302594704:error:140790E5:SSL routines:ssl23_write:ssl handshake
> > failure:s23_lib.c:177:
> > ---
> > no peer certificate available
> > ---
> > No client certificate CA names sent
> > ---
> > SSL handshake has read 0 bytes and written 293 bytes
> > ---
> > New, (NONE), Cipher is (NONE)
> > Secure Renegotiation IS NOT supported
> > Compression: NONE
> > Expansion: NONE
> > No ALPN negotiated
> > SSL-Session:
> >     Protocol  : TLSv1.2
> >     Cipher    : 0000
> >     Session-ID:
> >     Session-ID-ctx:
> >     Master-Key:
> >     Key-Arg   : None
> >     PSK identity: None
> >     PSK identity hint: None
> >     SRP username: None
> >     Start Time: 1683823897
> >     Timeout   : 300 (sec)
> >     Verify return code: 0 (ok)
The '0 bytes read' keeps bothering me. Is there a firewall on the machine? Maybe a WAF with knowledge of ldap?

If it was a regular firewall, the connection would not be set up. Things would fail immediately before the client tries the handshake. A WAF might allow the connection to succeed, but then filter the response. That might explain the 0 bytes read.

Jeff
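A small triage helper, added here as an example and not part of the thread, that turns the reasoning above about "0 bytes read" into a check over captured `openssl s_client` output: a refused TCP connect, a TCP session with no bytes read back, a rejected handshake and an untrusted certificate each get a different diagnosis. The classification relies only on the standard s_client summary lines; the host and CA file in `probe_ldaps` are placeholders.

```shell
#!/bin/sh
# Added triage helper (not from the thread). Reads s_client output on stdin
# and prints one diagnosis line. Assumes the usual s_client summary lines
# "SSL handshake has read N bytes ..." and "Verify return code: N (...)".
classify_handshake() {
    out=$(cat)
    read_bytes=$(printf '%s\n' "$out" | sed -n 's/.*SSL handshake has read \([0-9]*\) bytes.*/\1/p')
    verify=$(printf '%s\n' "$out" | sed -n 's/.*Verify return code: \([0-9]*\).*/\1/p')
    if printf '%s\n' "$out" | grep -Eq 'connect:errno|Connection refused'; then
        # TCP never came up: nothing listening, or a packet filter rejects it
        echo "tcp-refused: nothing listening on the port or a packet filter rejects it"
    elif [ "${read_bytes:-0}" -eq 0 ]; then
        # TCP connected but no ServerHello came back (the case in the thread);
        # the "Verify return code: 0 (ok)" line is meaningless here, so check
        # the byte count before anything else
        echo "no-server-hello: TCP connected but the server sent nothing; check that slapd serves TLS on the ldaps:// listener and look for a filtering proxy"
    elif printf '%s\n' "$out" | grep -Eq 'handshake failure|alert number'; then
        echo "tls-rejected: the server answered but refused the handshake; compare protocol and cipher settings"
    elif [ "${verify:-1}" -ne 0 ]; then
        echo "untrusted-cert: the handshake completed but the chain did not verify; pass the CA with -CAfile"
    else
        echo "ok"
    fi
}

# probe_ldaps HOST:PORT CA_FILE  (placeholders; needs network access)
probe_ldaps() {
    openssl s_client -connect "$1" -CAfile "$2" </dev/null 2>&1 | classify_handshake
}
```

Run `probe_ldaps ldap.example.test:636 /path/to/ca.pem` against a live server, or pipe a saved s_client transcript into `classify_handshake`.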