Looks like I found the issue? I checked in the Event Viewer, and I found the following error:

"The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The TLS connection request has failed. The attached data contains the server certificate. The SSPI client process is ldaptest (PID: 4688)."

See attached.

So what's the path now? I must set trusted CA certified certificates to LDAPS to work?

Thanks in advance!

On Thu, Sep 8, 2022 at 11:58 AM Mariano Martinez Peck <marianop...@gmail.com> wrote:

> BTW, my dynamic language client is doing pretty much the same as this C
> example:
> https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ldap/example-code-for-establishing-a-session-over-ssl?redirectedfrom=MSDN
>
> I compiled and run that example, and I also get the same error:
>
> >ldaptest.exe 127.0.0.1
>
> Connecting to host "127.0.0.1" ...
> Setting Protocol version to 3.
> Checking if SSL is enabled
> SSL not enabled.
> SSL being enabled...
> ldap_connect failed with 0x51.
>
> From what I understand, the 0x51 is the same as my "LDAP_SERVER_DOWN (81)"
>
> I tried changing 127.0.0.1 to localhost, 0.0.0.0 etc...they all had the
> same issue.
>
>
> thanks!
>
>
> On Thu, Sep 8, 2022 at 8:33 AM Mariano Martinez Peck <
> marianop...@gmail.com> wrote:
>
>> Hi Emmanuel,
>>
>> Looks like my client is not specifying any concrete version. However, I
>> made sure to allow all of them (at least as a test) on the server. See
>> attached screenshot.
>>
>> Thanks!
>>
>>
>>
>> On Thu, Sep 8, 2022 at 5:11 AM Emmanuel Lécharny <elecha...@gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> which TLS version are you using ?
>>>
>>> On 2022/09/07 23:55, Mariano Martinez Peck wrote:
>>> > Hi everyone,
>>> >
>>> > I am using a dynamic language that via FFI it wraps the wldap32 dll. I am
>>> > using ApacheDS and I can perfectly connect to it from my client using
>>> > normal LDAP. However, I cannot connect to it when using LDAPS.
>>> > Yes, the checkbox is checked to start LDAP (on port 10636) and everything seems
>>> > fine. In fact, from within ApacheDS I can open a connection to LDAPS and it
>>> > works. The problem is from my client.
>>> >
>>> > What I noticed is that in the logs, the following is printed:
>>> >
>>> > [17:28:23] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - Unexpected exception forcing session to close: sending disconnect notice to client.
>>> > javax.net.ssl.SSLException: Improper close state: Status = OK
>>> > HandshakeStatus = NEED_WRAP
>>> > bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 1
>>> > at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:497)
>>> > at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:762)
>>> > at org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:693)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:776)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1600(DefaultIoFilterChain.java:49)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.filterClose(DefaultIoFilterChain.java:1155)
>>> > at org.apache.mina.core.filterchain.IoFilterAdapter.filterClose(IoFilterAdapter.java:146)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:776)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1600(DefaultIoFilterChain.java:49)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.filterClose(DefaultIoFilterChain.java:1155)
>>> > at org.apache.mina.filter.executor.ExecutorFilter.filterClose(ExecutorFilter.java:608)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:776)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1600(DefaultIoFilterChain.java:49)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.filterClose(DefaultIoFilterChain.java:1155)
>>> > at org.apache.mina.core.filterchain.IoFilterAdapter.filterClose(IoFilterAdapter.java:146)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:776)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireFilterClose(DefaultIoFilterChain.java:769)
>>> > at org.apache.mina.core.session.AbstractIoSession.closeNow(AbstractIoSession.java:353)
>>> > at org.apache.mina.core.service.IoHandlerAdapter.inputClosed(IoHandlerAdapter.java:102)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.inputClosed(DefaultIoFilterChain.java:997)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextInputClosed(DefaultIoFilterChain.java:735)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:49)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.inputClosed(DefaultIoFilterChain.java:1119)
>>> > at org.apache.mina.core.filterchain.IoFilterAdapter.inputClosed(IoFilterAdapter.java:154)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextInputClosed(DefaultIoFilterChain.java:735)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:49)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.inputClosed(DefaultIoFilterChain.java:1119)
>>> > at org.apache.mina.core.filterchain.IoFilterAdapter.inputClosed(IoFilterAdapter.java:154)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextInputClosed(DefaultIoFilterChain.java:735)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:49)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.inputClosed(DefaultIoFilterChain.java:1119)
>>> > at org.apache.mina.core.filterchain.IoFilterAdapter.inputClosed(IoFilterAdapter.java:154)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextInputClosed(DefaultIoFilterChain.java:735)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:49)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.inputClosed(DefaultIoFilterChain.java:1119)
>>> > at org.apache.mina.core.filterchain.IoFilterAdapter.inputClosed(IoFilterAdapter.java:154)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextInputClosed(DefaultIoFilterChain.java:735)
>>> > at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireInputClosed(DefaultIoFilterChain.java:728)
>>> > at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:556)
>>> > at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$1200(AbstractPollingIoProcessor.java:68)
>>> > at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1222)
>>> > at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1211)
>>> > at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:683)
>>> > at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
>>> > at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>>> > at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>>> > at java.base/java.lang.Thread.run(Thread.java:829)
>>> >
>>> >
>>> > On my C client, I get the error "LDAP_SERVER_DOWN (81)" when calling the
>>> > function ldap_simple_bind_s()
>>> >
>>> >
>>> > Does this tell anything to anyone?
>>> >
>>> > Thanks in advance!
>>> >
>>> >
>>>
>>> --
>>> *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
>>> T. +33 (0)4 89 97 36 50
>>> P. +33 (0)6 08 33 32 61
>>> emmanuel.lecha...@busit.com https://www.busit.com/
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscr...@directory.apache.org
>>> For additional commands, e-mail: users-h...@directory.apache.org
>>>
>>>
>>
>> --
>> Mariano Martinez Peck
>> Email: marianop...@gmail.com
>> Twitter: @MartinezPeck
>> LinkedIn: www.linkedin.com/in/mariano-martinez-peck
>> <https://www.linkedin.com/in/mariano-mart%C3%ADnez-peck/>
>> Blog: https://marianopeck.wordpress.com/
>>
>
>
> --
> Mariano Martinez Peck
> Email: marianop...@gmail.com
> Twitter: @MartinezPeck
> LinkedIn: www.linkedin.com/in/mariano-martinez-peck
> <https://www.linkedin.com/in/mariano-mart%C3%ADnez-peck/>
> Blog: https://marianopeck.wordpress.com/
>

--
Mariano Martinez Peck
Email: marianop...@gmail.com
Twitter: @MartinezPeck
LinkedIn: www.linkedin.com/in/mariano-martinez-peck
<https://www.linkedin.com/in/mariano-mart%C3%ADnez-peck/>
Blog: https://marianopeck.wordpress.com/