On 08/05/2014 03:04 AM, JR Gonzalez wrote:
> On 06/28/2011 03:24 AM, eleanor wrote:
>> Of course I've come across this - I've also tried with the following
>> directive:
>>
>> tls_reqcert allow
>>
>> but got the same error.
>>
>> I've created my own CA and server certificates, so maybe it's a
>> problem that my browser doesn't know the CA certificate - but it
>> shouldn't fail - it should ask me if I trust the issued certificate or
>> not.
>>
>> So this question stays open. Once again: with ldapsearch the TLS
>> works without a problem.
>
> I'm also having this same problem. I have double and triple checked
> everything. I have two remote clients connecting to the ldap server
> correctly but for whatever reason I keep receiving:
>
> Could not start TLS. (Server)
> Error: Could not start TLS. Please check your LDAP server configuration.
> error Unable to connect to LDAP server Server
> Error: Can't contact LDAP server (-1) for user
> error Failed to Authenticate to server
> Invalid Username or Password.
>
> Aug 5 02:56:24 auth slapd[532]: conn=3868 fd=15 ACCEPT from IP=192.168.1.184:52761 (IP=0.0.0.0:389)
> Aug 5 02:56:24 auth slapd[532]: conn=3868 op=0 EXT oid=1.3.6.1.4.1.1466.20037
> Aug 5 02:56:24 auth slapd[532]: conn=3868 op=0 STARTTLS
> Aug 5 02:56:24 auth slapd[532]: conn=3868 op=0 RESULT oid= err=0 text=
> Aug 5 02:56:24 auth slapd[532]: conn=3868 fd=15 closed (TLS negotiation failure)
>
> ldapsearch -ZZ -d <DN> <server> -W works fine. I am able to see the
> directory on both the local box as well as two different clients (a
> shell box and an email server).
>
> Can someone PLEASE point me in the right direction as to what may be
> going wrong here? It seems to be more a php/pla problem than anything
> related to openldap.
>
> As an example this is a user logging in using the LDAP client to
> authenticate using PAM:
>
> Aug 5 02:59:20 auth slapd[532]: conn=3873 fd=22 ACCEPT from IP=192.168.1.181:40744 (IP=0.0.0.0:389)
> Aug 5 02:59:20 auth slapd[532]: conn=3873 op=0 EXT oid=1.3.6.1.4.1.1466.20037
> Aug 5 02:59:20 auth slapd[532]: conn=3873 op=0 STARTTLS
> Aug 5 02:59:20 auth slapd[532]: conn=3873 op=0 RESULT oid= err=0 text=
> Aug 5 02:59:20 auth slapd[532]: conn=3873 fd=22 TLS established tls_ssf=256 ssf=256
> Aug 5 02:59:20 auth slapd[532]: conn=3873 op=1 BIND dn="" method=128
> Aug 5 02:59:20 auth slapd[532]: conn=3873 op=1 RESULT tag=97 err=0 text=
>
> So it seems that regardless that the TLS does indeed work. I was able to
> authenticate and login to a shell using ldap for a non-local user. The
> LDAP server works fine for email (dovecot) as well. Any ideas would be
> greatly appreciated.
Ok. After giving my webserver user a shell to use and making sure it can
access it... I realized that my cert dir wasn't o+x so the web server
couldn't "see" the cert. :/

It is working now. Sorry to bother.

_______________________________________________
phpldapadmin-users mailing list
phpldapadmin-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/phpldapadmin-users
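The resolution above (a certificate directory without o+x, so the web server process could open the file while ldapsearch run as an interactive user could) is a common cause of "TLS negotiation failure" that slapd cannot explain, because the failure happens on the client side before any certificate is exchanged. The script below is an added example, not code from the thread or from phpLDAPadmin: it walks the directory chain above a CA certificate and reports the first component that blocks an unprivileged process. It assumes the web server user is neither the owner nor a group member of those directories, so only the "other" permission bits matter (the situation the thread describes); the sample tree it builds is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread or phpLDAPadmin): check whether an
# unprivileged web server user can reach a TLS CA certificate through the
# directory chain. Assumes the web server user is neither owner nor group
# member of these paths, so only the "other" bits are consulted.

# other_bit PATH N: print the N-th character of the ls -ld mode string
# (8 = other-read, 10 = other-execute/search). Works across ls variants.
other_bit() {
    ls -ld "$1" | cut -c"$2"
}

# check_other_x CERT [BASE]
# Walk from CERT's directory upward to (but not including) BASE, default "/",
# and report the first directory lacking o+x, or the file if it lacks o+r.
# Returns 0 when the chain is searchable and the file readable, 1 otherwise.
check_other_x() {
    cert=$1
    base=${2:-/}
    [ -e "$cert" ] || { echo "missing: $cert"; return 1; }
    dir=$(dirname "$cert")
    while [ "$dir" != "$base" ] && [ "$dir" != "/" ] && [ "$dir" != "." ]; do
        case $(other_bit "$dir" 10) in
            x|t) ;;   # search permission present (t = sticky bit, still searchable)
            *) echo "blocked: $dir lacks o+x"; return 1 ;;
        esac
        dir=$(dirname "$dir")
    done
    case $(other_bit "$cert" 8) in
        r) echo "ok: $cert is reachable"; return 0 ;;
        *) echo "blocked: $cert lacks o+r"; return 1 ;;
    esac
}

# Build a constructed tree mirroring the thread: a certs directory created
# 0700 hides the CA file from the web server; chmod o+x makes it reachable.
# Returns 0 only if the check fails before the fix and passes after it.
demo_cert_perms() {
    tmp=$(mktemp -d) || return 1
    chmod 755 "$tmp"
    mkdir -m 700 "$tmp/certs"
    printf 'constructed placeholder, not a real certificate\n' > "$tmp/certs/ca.crt"
    chmod 644 "$tmp/certs/ca.crt"
    before=1; after=1
    check_other_x "$tmp/certs/ca.crt" "$tmp" && before=0
    chmod o+x "$tmp/certs"            # the fix the thread settled on
    check_other_x "$tmp/certs/ca.crt" "$tmp" && after=0
    rm -rf "$tmp"
    [ "$before" -eq 1 ] && [ "$after" -eq 0 ]
}

if demo_cert_perms; then
    echo "demo: blocked before chmod o+x, reachable after"
else
    echo "demo: unexpected result"
fi
```

To use it on a real host, run it as the web server account (for example via `su -s /bin/sh` to that user) against the path named by the client's TLS_CACERT setting; if it reports "blocked", the slapd log will keep showing "TLS negotiation failure" no matter what tls_reqcert is set to, because the client never gets as far as validating the server.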