-Kyle H
On May 29, 2009, at 9:52 PM, John Kane wrote:
Thanks for the response, Kyle.

I've pretty much deduced what the error is, but just cannot figure out where it is coming from. It only happens when I turn on TLS for LDAP. There are really no 'variables' defined in the LDAP configs; nothing using the '[ "$blah" = blahblah ] syntax....that is why I turned to this list hoping to find what other file (non-ldap) might be read ONLY when I had the 'ssl start_tls' set in my ldap config.

John

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kyle Hamilton
Sent: Friday, May 29, 2009 10:19 PM
To: openssl-users@openssl.org
Subject: Re: TLS w/LDAP

That's an error in the script you're launching at startup. I don't know what it is, but I'd bet there's an unquoted '[' character somewhere that is only evaluated when TLS LDAP is enabled. (see the '-bash: ' at the beginning of the line? That tells you that bash is generating the error message.)

-Kyle H

On Fri, May 29, 2009 at 1:34 PM, John Kane <john.k...@prodeasystems.com> wrote:

I just turned on TLS on my LDAP (per instructions on http://www.openldap.org/faq/data/cache/185.html). Now all of my Linux servers give the following error on login:

    -bash: [: =: unary operator expected

The error goes away when I turn TLS back off. I cannot determine what is causing this error, or even which file contains the error. I've gone through my LDAP config file, cannot find an issue in any of these. Other than my cacert.pem, and the LDAP config files, are there other files that are read only when TLS is turned on?
Thanks,
John

++++ Here's my configs ++++

I turn on TLS by adding the following in my /etc/ldap.conf (pam/nss file):

    ssl start_tls
    tls_checkpeer yes
    tls_cacertfile /etc/openldap/cacerts/cacert.pem
    tls_cacertdir /etc/openldap/cacerts/

and have the following in my /etc/openldap/ldap.conf (openldap file):

    HOST 172.25.3.97
    BASE dc=example,dc=net
    TLS_CACERTDIR /etc/openldap/cacerts/
    TLS_REQCERT allow

and my (self-signed) cacert:

    [r...@serverx cacerts]# openssl x509 -text -in /etc/openldap/cacerts/cacert.pem
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 0 (0x0)
            Signature Algorithm: sha1WithRSAEncryption
            Issuer: C=US, ST=Utah, O=Bigtime CA, OU=Signers,CN=IntegrationRoot CA/emailaddress=john.sm...@myco.com
            Validity
                Not Before: May 28 04:37:13 2009 GMT
                Not After : May 27 04:37:13 2012 GMT
            Subject: C=US, ST=Utah, O=Bigtime CA, OU=Signers,CN=IntegrationRoot CA/emailaddress=john.sm...@myco.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                RSA Public Key: (1024 bit)
                    Modulus (1024 bit):
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Basic Constraints:
                    CA:FALSE
                Netscape Comment:
                    OpenSSL Generated Certificate
                X509v3 Subject Key Identifier:
                    0B:FB:7D:0B:0D:17:A3:CD:79:02:A3:A3:92:57:15:6F:DE:38:07:3C
                X509v3 Authority Key Identifier:
                    keyid:0B:FB:7D:0B:0D:17:A3:CD:79:02:A3:A3:92:57:15:6F:DE:38:07:3C
        Signature Algorithm: sha1WithRSAEncryption
This message is confidential to Prodea Systems, Inc unless otherwise indicated or apparent from its nature. This message is directed to the intended recipient only, who may be readily determined by the sender of this message and its contents. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient: (a) any dissemination or copying of this message is strictly prohibited; and (b) immediately notify the sender by return message and destroy any copies of this message in any form (electronic, paper or otherwise) that you have. The delivery of this message and its information is neither intended to be nor constitutes a disclosure or waiver of any trade secrets, intellectual property, attorney work product, or attorney-client communications. The authority of the individual sending this message to legally bind Prodea Systems is neither apparent nor implied, and must be independently verified.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-us...@openssl.org
Automated List Manager                           majord...@openssl.org
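The failure mode discussed in the thread above, as an added example that is not part of any poster's message: an unquoted operand in a `[` test that expands to nothing, next to the quoted form, plus a grep pass that flags such tests in login scripts. The helper `lookup_group`, the function names and the sample script are constructed for illustration; the thread does not identify the actual file or command involved.

```shell
#!/bin/sh
# Constructed stand-in for a directory lookup (hypothetical helper): prints a
# group name on success and nothing at all when the lookup fails.
lookup_group() {
    if [ "$1" = ok ]; then echo staff; fi
}

# Fragile: unquoted expansion. An empty result turns the test into
# `[ = staff ]`; bash reports "[: =: unary operator expected".
# Exit status: 0 match, 1 no match, 2 malformed test.
fragile_check() {
    g=$(lookup_group "$1")
    [ $g = staff ] 2>/dev/null
}

# Robust: the quotes keep an empty value as one (empty) argument.
robust_check() {
    g=$(lookup_group "$1")
    [ "$g" = staff ]
}

# Print "file:line:text" for tests whose first operand is an unquoted
# variable or command substitution, the pattern that breaks on empty output.
scan_startup_files() {
    grep -nE '\[[[:space:]]+(\$|`)' "$@" /dev/null
}

# Constructed sample of a login script, not taken from the thread.
write_sample() {
    cat > "$1" <<'EOF'
if [ `id -gn` = `id -un` ]; then umask 002; fi
if [ "$SHELL" = /bin/bash ]; then PS1='\u@\h \$ '; fi
[ $TERM = xterm ] && export COLORTERM=1
EOF
}

sample=$(mktemp)
write_sample "$sample"
scan_startup_files "$sample"   # flags lines 1 and 3 of the sample
rm -f "$sample"
```

Pointing `scan_startup_files` at the system and per-user shell startup files lists candidate lines to review by hand; the pattern is a heuristic and only looks at the first operand of each test.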