Arthur,
Thank you for your quick response - I really appreciate that.
Does running nslcd in debug mode provide more information?
Here's the debug output:
nslcd: [8b4567] DEBUG: connection from pid=9817 uid=0 gid=0
nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable
One other thought here.
I generated the certificate signing request (CSR) for the certs using
openssl like this:
openssl req -new -nodes -newkey rsa:4096 -keyout hostname.key -out hostname.csr
I thought I read somewhere that openssl was no longer recommended for
Debian certs.
Arthur,
Thanks for the tips.
I put several hours into this problem today and am still stumped.
Now I am simply trying to connect to our university's OpenLDAP server
with PASSWORD auth, and that fails.
It fails on Debian 8 and Debian 9 but works on a colleague's Debian 7
Raspberry Pi.
Here
This is the large CA-bundle.crt file that, when configured as the
certificate bundle for the LDAP server, causes ldap-utils to fail with
tls_read want/got mismatches early in the negotiation:
https://csde.washington.edu/~mbw/hide/ca-bundle.crt
I'll leave this link up for at least 1 year.
Matt
The LDAP server we are connecting to is openldap 2.4.40 and sasl
2.1.26, provided by CentOS 7.
All the CentOS 7 clients work perfectly connecting to it.
ldapsearch and ldapwhoami return "Can't contact LDAP server (-1)".
On a higher debug level (-d2), it looks like there is a tls_read want/got
mismatch.
Debug output below.
This is also broken in Debian 8, but the same commands work properly in
Debian 7 and the tls_read want/got mismatch does not