On 06/28/2011 03:24 AM, eleanor wrote:
> Of course I've come across this - I've also tried with the following 
> directive:
>   tls_reqcert allow
> 
> but got the same error.
> 
> I've created my own CA and server certificates, so maybe it's a
> problem that my browser doesn't know the CA certificate - but it
> shouldn't fail - it should ask me if I trust the issued certificate or
> not.
> 
> So this question stays open. Once again: with ldapsearch the TLS
> works without a problem.
> 


I'm also having this same problem. I have double and triple checked
everything. I have two remote clients connecting to the ldap server
correctly but for whatever reason I keep receiving:

Could not start TLS. (Server)
Error: Could not start TLS. Please check your LDAP server configuration.
error   Unable to connect to LDAP server Server
Error: Can't contact LDAP server (-1) for user
error   Failed to Authenticate to server
Invalid Username or Password.

Aug  5 02:56:24 auth slapd[532]: conn=3868 fd=15 ACCEPT from IP=192.168.1.184:52761 (IP=0.0.0.0:389)
Aug  5 02:56:24 auth slapd[532]: conn=3868 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Aug  5 02:56:24 auth slapd[532]: conn=3868 op=0 STARTTLS
Aug  5 02:56:24 auth slapd[532]: conn=3868 op=0 RESULT oid= err=0 text=
Aug  5 02:56:24 auth slapd[532]: conn=3868 fd=15 closed (TLS negotiation failure)

ldapsearch -ZZ -d <DN> <server> -W works fine. I am able to see the
directory on both the local box as well as two different clients (a
shell box and an email server). Can someone PLEASE point me in the right
direction as to what may be going wrong here? It seems to be more a
php/pla problem than anything related to openldap.

As an example this is a user logging in using the LDAP client to
authenticate using PAM:

Aug  5 02:59:20 auth slapd[532]: conn=3873 fd=22 ACCEPT from IP=192.168.1.181:40744 (IP=0.0.0.0:389)
Aug  5 02:59:20 auth slapd[532]: conn=3873 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Aug  5 02:59:20 auth slapd[532]: conn=3873 op=0 STARTTLS
Aug  5 02:59:20 auth slapd[532]: conn=3873 op=0 RESULT oid= err=0 text=
Aug  5 02:59:20 auth slapd[532]: conn=3873 fd=22 TLS established tls_ssf=256 ssf=256
Aug  5 02:59:20 auth slapd[532]: conn=3873 op=1 BIND dn="" method=128
Aug  5 02:59:20 auth slapd[532]: conn=3873 op=1 RESULT tag=97 err=0 text=

So it seems that, regardless, TLS does indeed work. I was able to
authenticate and login to a shell using ldap for a non-local user. The
LDAP server works fine for email (dovecot) as well. Any ideas would be
greatly appreciated.

