Re: OpenLDAP self-signed certificates issue

2014-09-08 Thread Michael Ströder
Ryan Tandy wrote:
> On 07/09/14 10:28 PM, Vijay Ganesan wrote:
>> But I can't seem to connect using ldaps://localhost:636 using Apache Directory Studio client. I get a "Error while opening connection - Cannot connect on the server: Connection refused" error.
>> I can connect fine using ldap:/

Re: OpenLDAP self-signed certificates issue

2014-09-08 Thread Ryan Tandy
On 08/09/14 08:02 AM, Vijay Ganesan wrote:
> ldap_start_tls: Connect error (-11) additional info: A TLS packet with unexpected length was received.
Unfortunately GnuTLS does not make it easy to diagnose this kind of error. There might still be a misconfiguration somewhere, or there might be a p

Re: OpenLDAP self-signed certificates issue

2014-09-08 Thread Vijay Ganesan
Thanks Ryan and Udai. I don't really have to use ldaps. I understand now that the documentation is for StartTLS and I can use that. LDAPTLS_CACERT=/etc/ssl/certs/vijay_slapd_cert.pem ldapwhoami -H ldap://localhost -x -ZZ give

Re: OpenLDAP self-signed certificates issue

2014-09-08 Thread Ryan Tandy
On 07/09/14 10:28 PM, Vijay Ganesan wrote:
> But I can't seem to connect using ldaps://localhost:636 using Apache Directory Studio client. I get a "Error while opening connection - Cannot connect on the server: Connection refused" error. I can connect fine using ldap://localhost:389.
Like Udai wr

Re: OpenLDAP self-signed certificates issue

2014-09-07 Thread Udai Singh Mehra (Vizury)
ldaps has been deprecated in favour of keeping all communication open only at one port. Try to use ldap://host:389, port 0, enable TLS. Use the above settings based on your client. I am using the sssd client with the following setting and it works on TLS:
[sssd]
config_file_version = 2
services = nss, pam, su

Re: Re: OpenLDAP self-signed certificates issue

2014-09-07 Thread Ulrich Windl
>>> Vijay Ganesan wrote on 08.09.2014 at 03:45 in message :
> Note that in generating the self-signed certificate I use "localhost" as the
> common name.
Why do you need to prove the identity of localhost? Did you understand what PKI is all about?
>
> On Sun, Sep 7, 2014 at 2:20 PM, Vijay

Re: OpenLDAP self-signed certificates issue

2014-09-07 Thread Vijay Ganesan
Thanks Ryan for pointing me to the right link. I've configured TLS following those instructions. But I can't seem to connect using ldaps://localhost:636 using Apache Directory Studio client. I get a "Error while opening connection - Cannot connect on the server: Connection refused" error. I can con

Re: OpenLDAP self-signed certificates issue

2014-09-07 Thread Vijay Ganesan
Note that in generating the self-signed certificate I use "localhost" as the common name.
On Sun, Sep 7, 2014 at 2:20 PM, Vijay Ganesan wrote:
>
> For SSL, I'm trying to install a self-signed certificate to OpenLDAP
> (version 2.4.28 on Ubuntu 12.04). Followed the following steps:
> *1. Created s

Re: OpenLDAP self-signed certificates issue

2014-09-07 Thread Ryan Tandy
The Ubuntu server guide has a chapter on setting up OpenLDAP, including a section on configuring TLS. Have you followed it? https://help.ubuntu.com/12.04/serverguide/openldap-server.html
On 07/09/14 02:20 PM, Vijay Ganesan wrote:
> 2. Added following entries to /usr/share/slapd/slapd.conf:
Are

OpenLDAP self-signed certificates issue

2014-09-07 Thread Vijay Ganesan
For SSL, I'm trying to install a self-signed certificate to OpenLDAP (version 2.4.28 on Ubuntu 12.04). Followed the following steps:
*1. Created server certificate using:* openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 365
*2. Added following entries to /usr/shar