On 06/28/2011 03:24 AM, eleanor wrote:
> Of course I've come across this - I've also tried with the following
> directive:
> tls_reqcert allow
>
> but got the same error.
>
> I've created my own CA and server certificates, so maybe it's a
> problem that my browser doesn't know the CA certificate - but it
> shouldn't fail - it should ask me if I trust the issued certificate or
> not.
>
> So this question stays open. Once again: with ldapsearch the TLS
> works without a problem.
>
I'm also having this same problem. I have double and triple checked everything. I have two remote clients connecting to the ldap server correctly but for whatever reason I keep receiving:

Could not start TLS. (Server)
Error: Could not start TLS. Please check your LDAP server configuration.
error
Unable to connect to LDAP server Server
Error: Can't contact LDAP server (-1) for user
error
Failed to Authenticate to server
Invalid Username or Password.

Aug 5 02:56:24 auth slapd[532]: conn=3868 fd=15 ACCEPT from IP=192.168.1.184:52761 (IP=0.0.0.0:389)
Aug 5 02:56:24 auth slapd[532]: conn=3868 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Aug 5 02:56:24 auth slapd[532]: conn=3868 op=0 STARTTLS
Aug 5 02:56:24 auth slapd[532]: conn=3868 op=0 RESULT oid= err=0 text=
Aug 5 02:56:24 auth slapd[532]: conn=3868 fd=15 closed (TLS negotiation failure)

ldapsearch -ZZ -d <DN> <server> -W works fine. I am able to see the directory on both the local box as well as two different clients (a shell box and an email server).

Can someone PLEASE point me in the right direction as to what may be going wrong here? It seems to be more a php/pla problem than anything related to openldap.

As an example this is a user logging in using the LDAP client to authenticate using PAM:

Aug 5 02:59:20 auth slapd[532]: conn=3873 fd=22 ACCEPT from IP=192.168.1.181:40744 (IP=0.0.0.0:389)
Aug 5 02:59:20 auth slapd[532]: conn=3873 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Aug 5 02:59:20 auth slapd[532]: conn=3873 op=0 STARTTLS
Aug 5 02:59:20 auth slapd[532]: conn=3873 op=0 RESULT oid= err=0 text=
Aug 5 02:59:20 auth slapd[532]: conn=3873 fd=22 TLS established tls_ssf=256 ssf=256
Aug 5 02:59:20 auth slapd[532]: conn=3873 op=1 BIND dn="" method=128
Aug 5 02:59:20 auth slapd[532]: conn=3873 op=1 RESULT tag=97 err=0 text=

So it seems that regardless that the TLS does indeed work. I was able to authenticate and login to a shell using ldap for a non-local user. The LDAP server works fine for email (dovecot) as well.

Any ideas would be greatly appreciated.

_______________________________________________
phpldapadmin-users mailing list
phpldapadmin-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/phpldapadmin-users
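
Added example, not part of the original message and not phpLDAPadmin or OpenLDAP code: a small script that groups the slapd log lines quoted above by connection id and reports, per client IP, whether STARTTLS ended in "TLS established" or "TLS negotiation failure". The function names are hypothetical, and the "cleartext-bind" class (a BIND seen before any TLS was established) goes beyond the two cases in the message.

```python
import re

# slapd syslog lines copied from the message above
SAMPLE_LOG = """\
Aug 5 02:56:24 auth slapd[532]: conn=3868 fd=15 ACCEPT from IP=192.168.1.184:52761 (IP=0.0.0.0:389)
Aug 5 02:56:24 auth slapd[532]: conn=3868 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Aug 5 02:56:24 auth slapd[532]: conn=3868 op=0 STARTTLS
Aug 5 02:56:24 auth slapd[532]: conn=3868 op=0 RESULT oid= err=0 text=
Aug 5 02:56:24 auth slapd[532]: conn=3868 fd=15 closed (TLS negotiation failure)
Aug 5 02:59:20 auth slapd[532]: conn=3873 fd=22 ACCEPT from IP=192.168.1.181:40744 (IP=0.0.0.0:389)
Aug 5 02:59:20 auth slapd[532]: conn=3873 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Aug 5 02:59:20 auth slapd[532]: conn=3873 op=0 STARTTLS
Aug 5 02:59:20 auth slapd[532]: conn=3873 op=0 RESULT oid= err=0 text=
Aug 5 02:59:20 auth slapd[532]: conn=3873 fd=22 TLS established tls_ssf=256 ssf=256
Aug 5 02:59:20 auth slapd[532]: conn=3873 op=1 BIND dn="" method=128
Aug 5 02:59:20 auth slapd[532]: conn=3873 op=1 RESULT tag=97 err=0 text=
"""

LINE = re.compile(r"slapd\[\d+\]: conn=(\d+) (.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=([\d.]+):\d+")
ESTABLISHED = re.compile(r"TLS established tls_ssf=(\d+)")

def tls_outcomes(log_text):
    """Return {conn_id: {client, starttls, outcome, ssf}} for each slapd connection."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        conn = conns.setdefault(int(m.group(1)), {
            "client": None, "starttls": False, "outcome": "unknown", "ssf": None})
        rest = m.group(2)
        if (a := ACCEPT.search(rest)):
            conn["client"] = a.group(1)
        elif rest.endswith("STARTTLS"):
            conn["starttls"] = True
        elif (e := ESTABLISHED.search(rest)):
            conn["outcome"], conn["ssf"] = "established", int(e.group(1))
        elif "TLS negotiation failure" in rest:
            conn["outcome"] = "failed"
        elif " BIND " in rest and conn["outcome"] == "unknown":
            conn["outcome"] = "cleartext-bind"  # BIND without a TLS layer
    return conns

def failing_clients(log_text):
    """Client IPs whose handshake failed after the server accepted STARTTLS."""
    return sorted({c["client"] for c in tls_outcomes(log_text).values()
                   if c["outcome"] == "failed"})

if __name__ == "__main__":
    for cid, info in tls_outcomes(SAMPLE_LOG).items():
        print(cid, info)
```

In both connections slapd answers the STARTTLS request with err=0, so the two differ only in the handshake that follows; grouping by client IP shows which host's TLS client settings to compare against the working ones.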