Sorry, I told something wrong, see below...

On Tue, Nov 12, 2013 at 09:58:08PM +0100, Klara Mall wrote:
> many thanks for your reply!
>
> I modified Ldap.pm (debug output for IO::Socket::SSL).
>
> Configuration snippet:
> -----------------------------------
> <AuthBy GROUP>
>     Identifier ldap123
>     AuthByPolicy ContinueWhileAccept
>     <AuthBy LDAP2>
>         Host kit-dc-04.kit.edu
>         Port 636
>         Version 3
>         UseSSL
>         SSLCAFile %D/certificates/ca.pem
>         Timeout 3
>         ...
>     </AuthBy>
I noticed that here I use Port 389 with STARTTLS (UseTLS), not UseSSL. It works if I use SSL here.

I analyzed now (given two different LDAP server hosts):

a. If I use SSL in both connections, it works.
b. If I use TLS in both connections, it works.
c. If I use TLS in RewriteFunction and SSL in AuthBy LDAP2, it doesn't work.
d. If I use SSL in RewriteFunction and TLS in AuthBy LDAP2, it doesn't work.

c: This is what I was describing in this email (2nd authentication fails).

d: It is not the 2nd authentication that fails but the 1st.

RewriteFunction is ok:

DEBUG: .../IO/Socket/SSL.pm:1210: identity=kit-dc-04.kit.edu cn=kit-dc-04.kit.edu alt=2 kit-dc-04.kit.edu 2 kit-dc.kit.edu

AuthBy LDAP2 fails:

DEBUG: .../IO/Socket/SSL.pm:1210: identity=kit-dc-04.kit.edu cn=kit-ad.scc.kit.edu alt=1 [email protected]

It seems that the first TLS connection after an SSL connection fails. I have to try to reproduce this with a Perl program which does nothing other than such two connections.

Regards
Klara

_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
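A stand-alone reproduction of the two-connection pattern the post describes, written here as an added example (it is not Klara's program and not Radiator code). It uses Net::LDAP rather than Radiator's Ldap.pm, opens one LDAPS (port 636) and one STARTTLS (port 389) connection in whichever order is given on the command line, verifies each server certificate against the CA file, and prints the subject of the certificate each connection actually received next to the hostname it asked for, so a mismatch like the one in the post's second DEBUG line (identity of one host, cn of another) is visible. The hostnames, the CA path and the anonymous bind are placeholders and assumptions.

```perl
#!/usr/bin/perl
# Added example: reproduce "LDAPS then STARTTLS" vs "STARTTLS then LDAPS"
# with nothing but Net::LDAP and IO::Socket::SSL. Usage:
#   perl ldap_pair.pl tls ssl      # order c in the post
#   perl ldap_pair.pl ssl tls      # order d in the post
use strict;
use warnings;
use Net::LDAP;
use IO::Socket::SSL 'debug3';   # same verbose verification output the post shows

# Placeholders: the post uses two different real hosts; substitute your own.
my %HOST_FOR = (
    tls => 'ldap-a.example.org',   # placeholder for the RewriteFunction server
    ssl => 'ldap-b.example.org',   # placeholder for the AuthBy LDAP2 server
);
# Placeholder for Radiator's %D/certificates/ca.pem.
my $CA_FILE = '/etc/radiator/certificates/ca.pem';
my $TIMEOUT = 3;                   # matches "Timeout 3" in the post's snippet

# Open one connection in the requested mode and return the Net::LDAP handle.
# Certificate verification is required in both modes so that a failure in
# the TLS layer shows up as a hard error rather than a silently unverified link.
sub connect_ldap {
    my ($mode) = @_;
    my $host = $HOST_FOR{$mode} or die "unknown mode '$mode' (use tls or ssl)\n";
    my %ssl  = (verify => 'require', cafile => $CA_FILE);
    my $ldap;

    if ($mode eq 'ssl') {
        # LDAPS: TLS from the first byte, as with Radiator's UseSSL on port 636.
        $ldap = Net::LDAP->new("ldaps://$host:636", timeout => $TIMEOUT, %ssl)
            or die "ldaps connect to $host failed: $@\n";
    }
    else {
        # Plain connect on 389, then upgrade, as with Radiator's UseTLS.
        $ldap = Net::LDAP->new($host, port => 389, timeout => $TIMEOUT)
            or die "connect to $host failed: $@\n";
        my $mesg = $ldap->start_tls(%ssl);
        die "STARTTLS to $host failed: " . $mesg->error . "\n" if $mesg->code;
    }

    # Print the name on the certificate the server presented next to the
    # host we asked for; the two should agree after verification.
    my $sock    = $ldap->socket;
    my $subject = $sock->can('peer_certificate')
                ? $sock->peer_certificate('subject')
                : 'n/a';
    printf "%-4s %-25s cert subject: %s\n", $mode, $host, $subject;

    # Anonymous bind (assumption): enough to prove the TLS layer is usable.
    my $bind = $ldap->bind;
    die "bind to $host failed: " . $bind->error . "\n" if $bind->code;
    return $ldap;
}

# Run the two connections in the order given, keeping both handles open
# so the sequence resembles Radiator holding a RewriteFunction connection
# while AuthBy LDAP2 opens the second one.
my @order = @ARGV ? @ARGV : qw(tls ssl);
die "give two modes, e.g. 'tls ssl' or 'ssl tls'\n" unless @order == 2;

my @handles;
for my $mode (@order) {
    push @handles, connect_ldap($mode);
}
print "both connections succeeded in order: @order\n";
$_->unbind for @handles;
```

Running the script once with `tls ssl` and once with `ssl tls` isolates the ordering effect described in cases c and d: if only the second run fails, the problem lies in process-wide state shared between the two IO::Socket::SSL sessions rather than in either server's certificate.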
