Hi,
likely to be the reason your connection fails.
You have 2 options:
- make it so your client does not try to validate the self-signed
certificate we provide. It should work then. There is no real reason to
check the server's certificate in such a scenario, unless it's going to
be a production server
- or set a signed certificate on the server
On 2022/09/08 17:07, Mariano Martinez Peck wrote:
Looks like I found the issue? I checked in the Event Viewer, and I found
the following error:
"The certificate received from the remote server was issued by an
untrusted certificate authority. Because of this, none of the data
contained in the certificate can be validated. The TLS connection
request has failed. The attached data contains the server certificate.
The SSPI client process is ldaptest (PID: 4688)."
See attached.
So what's the path now? I must set trusted CA certified certificates to
LDAPS to work?
Thanks in advance!
On Thu, Sep 8, 2022 at 11:58 AM Mariano Martinez Peck
<marianop...@gmail.com> wrote:
BTW, my dynamic language client is doing pretty much the same as
this C example:
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ldap/example-code-for-establishing-a-session-over-ssl?redirectedfrom=MSDN
I compiled and ran that example, and I also get the same error:
>ldaptest.exe 127.0.0.1
Connecting to host "127.0.0.1" ...
Setting Protocol version to 3.
Checking if SSL is enabled
SSL not enabled.
SSL being enabled...
ldap_connect failed with 0x51.
From what I understand, the 0x51 is the same as my
"LDAP_SERVER_DOWN (81)"
I tried changing 127.0.0.1 to localhost, 0.0.0.0 etc...they all had
the same issue.
thanks!
On Thu, Sep 8, 2022 at 8:33 AM Mariano Martinez Peck
<marianop...@gmail.com> wrote:
Hi Emmanuel,
Looks like my client is not specifying any concrete version.
However, I made sure to allow all of them (at least as a test)
on the server. See attached screenshot.
Thanks!
On Thu, Sep 8, 2022 at 5:11 AM Emmanuel Lécharny
<elecha...@gmail.com> wrote:
Hi,
which TLS version are you using ?
On 2022/09/07 23:55, Mariano Martinez Peck wrote:
> Hi everyone,
>
> I am using a dynamic language that via FFI it wraps the wldap32 dll. I am
> using ApacheDS and I can perfectly connect to it from my client using
> normal LDAP. However, I cannot connect to it when using LDAPS. Yes, the
> checkbox is checked to start LDAP (on port 10636) and everything seems
> fine. In fact, from within ApacheDS I can open a connection to LDAPS and it
> works. The problem is from my client.
>
> What I noticed is that in the logs, the following is printed:
>
> [17:28:23] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - Unexpected exception forcing session to close: sending disconnect notice to client.
> javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
> bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 1
>     at org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:497)
>     at org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:762)
>     at org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:693)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:776)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1600(DefaultIoFilterChain.java:49)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.filterClose(DefaultIoFilterChain.java:1155)
>     at org.apache.mina.core.filterchain.IoFilterAdapter.filterClose(IoFilterAdapter.java:146)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:776)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1600(DefaultIoFilterChain.java:49)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.filterClose(DefaultIoFilterChain.java:1155)
>     at org.apache.mina.filter.executor.ExecutorFilter.filterClose(ExecutorFilter.java:608)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:776)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1600(DefaultIoFilterChain.java:49)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.filterClose(DefaultIoFilterChain.java:1155)
>     at org.apache.mina.core.filterchain.IoFilterAdapter.filterClose(IoFilterAdapter.java:146)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:776)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireFilterClose(DefaultIoFilterChain.java:769)
>     at org.apache.mina.core.session.AbstractIoSession.closeNow(AbstractIoSession.java:353)
>     at org.apache.mina.core.service.IoHandlerAdapter.inputClosed(IoHandlerAdapter.java:102)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.inputClosed(DefaultIoFilterChain.java:997)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextInputClosed(DefaultIoFilterChain.java:735)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:49)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.inputClosed(DefaultIoFilterChain.java:1119)
>     at org.apache.mina.core.filterchain.IoFilterAdapter.inputClosed(IoFilterAdapter.java:154)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextInputClosed(DefaultIoFilterChain.java:735)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:49)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.inputClosed(DefaultIoFilterChain.java:1119)
>     at org.apache.mina.core.filterchain.IoFilterAdapter.inputClosed(IoFilterAdapter.java:154)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextInputClosed(DefaultIoFilterChain.java:735)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:49)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.inputClosed(DefaultIoFilterChain.java:1119)
>     at org.apache.mina.core.filterchain.IoFilterAdapter.inputClosed(IoFilterAdapter.java:154)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextInputClosed(DefaultIoFilterChain.java:735)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:49)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.inputClosed(DefaultIoFilterChain.java:1119)
>     at org.apache.mina.core.filterchain.IoFilterAdapter.inputClosed(IoFilterAdapter.java:154)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextInputClosed(DefaultIoFilterChain.java:735)
>     at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireInputClosed(DefaultIoFilterChain.java:728)
>     at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:556)
>     at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$1200(AbstractPollingIoProcessor.java:68)
>     at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1222)
>     at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1211)
>     at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:683)
>     at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
>     at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
>     at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
>     at java.base/java.lang.Thread.run(Thread.java:829)
>
>
> On my C client, I get the error "LDAP_SERVER_DOWN (81)" when calling the
> function ldap_simple_bind_s()
>
>
> Does this tell anything to anyone?
>
> Thanks in advance!
>
>
--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecha...@busit.com https://www.busit.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@directory.apache.org
For additional commands, e-mail: users-h...@directory.apache.org
--
Mariano Martinez Peck
Email: marianop...@gmail.com
Twitter: @MartinezPeck
LinkedIn: www.linkedin.com/in/mariano-martinez-peck
Blog: https://marianopeck.wordpress.com/
--
*Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
T. +33 (0)4 89 97 36 50
P. +33 (0)6 08 33 32 61
emmanuel.lecha...@busit.com https://www.busit.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@directory.apache.org
For additional commands, e-mail: users-h...@directory.apache.org
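
For the first option in the reply at the top of this thread (a client that does not run the normal CA validation against the self-signed certificate), the sketch below narrows "do not validate" to "accept exactly one known certificate". It is an added example, not code from the thread or from ApacheDS; the function names and the placeholder pin are assumptions, and it uses Python's standard `ssl` module rather than wldap32.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_fingerprint(text: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex; return lowercase hex."""
    cleaned = text.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def pin_matches(der_cert: bytes, pinned_fingerprint: str) -> bool:
    """Compare the SHA-256 of the DER certificate with the pinned value."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, normalize_fingerprint(pinned_fingerprint))


def connect_pinned(host: str, port: int, pinned_fingerprint: str) -> ssl.SSLSocket:
    """Open a TLS connection that trusts exactly one certificate."""
    # CA-chain and hostname checks are off because a self-signed test
    # certificate has no chain; the pin check below replaces them and
    # runs before any LDAP data is sent.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=5)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, pinned_fingerprint):
        tls.close()
        raise ssl.SSLError("server certificate does not match the pinned fingerprint")
    return tls


if __name__ == "__main__":
    # Placeholder pin (assumption): use the fingerprint of the exported server cert.
    PIN = "00" * 32
    try:
        connect_pinned("127.0.0.1", 10636, PIN).close()
        print("certificate matches pin")
    except (OSError, ValueError) as exc:
        print("refused:", exc)
```

The pin has to be recorded out of band, for example from the certificate file exported on the server, not from the connection being checked.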