On 636 your connection was working with a certificate. It should be encrypted as well.

On 7 May 2013 11:16, "Aziza Lichir" <aziza.lichir@gmail.com> wrote:
I agree, when I used the ldap URI with port 389 it was working, but I want to connect to the server on port 636; that's why I've changed my file.

2013/5/7 Grzegorz Dwornicki <gd1100@gmail.com>

What was the old URI? Did you change the port as well?

The error looks like the result of trying to use starttls on an encrypted connection. Starttls works on port 389. You need to leave ldap and port 389 in the URL and then try to use starttls. This should work.

On 7 May 2013 10:52, "Aziza Lichir" <aziza.lichir@gmail.com> wrote:

Yes, this is my file:
/etc/ldap.conf

uri ldaps://srv-ds-38.meyclub.net:636
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
pam_password crypt

and /etc/openldap/ldap.conf:

URI ldaps://srv-ds-38.meyclub.net:636 --> I've tried with ldap and it was the same
BASE dc=meyclub,dc=net
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow



2013/5/7 Grzegorz Dwornicki <gd1100@gmail.com>

Are you using an LDAPS URI with the -ZZ args?

On 7 May 2013 10:18, "Aziza Lichir" <aziza.lichir@gmail.com> wrote:
Hey,

I'm having problems with TLS/SSL on my client side. When I do ldapsearch -ZZ it works just fine and says that SSL started, but when I try to authenticate a user I keep getting this strange error:

[07/May/2013:10:04:06 +0200] conn=95 fd=228 slot=228 SSL connection
[07/May/2013:10:04:06 +0200] conn=95 SSL 256-bit AES
[07/May/2013:10:04:06 +0200] conn=95 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/May/2013:10:04:06 +0200] conn=95 op=0 RESULT err=1 tag=120 nentries=0 etime=0
[07/May/2013:10:04:06 +0200] conn=95 op=1 UNBIND
[07/May/2013:10:04:06 +0200] conn=95 op=1 fd=228 closed - U1


The platform is:
server: CentOS-6.3-i386
client: CentOS 5.3

[root@srv-ds-38 ~]# rpm -qi 389-ds-base
Name        : 389-ds-base                  Relocations: (not relocatable)
Version     : 1.2.11.15                         Vendor: CentOS
Release     : 14.el6_4                      Build Date: Tue 16 Apr 2013 12:57:55 AM CEST
Install Date: Fri 26 Apr 2013 04:05:26 PM CEST      Build Host: c6b7.bsys.dev.centos.org
Group       : System Environment/Daemons    Source RPM: 389-ds-base-1.2.11.15-14.el6_4.src.rpm
Size        : 4940881                          License: GPLv2 with exceptions
Signature   : RSA/SHA1, Tue 16 Apr 2013 11:32:27 AM CEST, Key ID 0946fca2c105b9de
Packager    : CentOS BuildSystem <http://bugs.centos.org>
URL         : http://port389.org/
Summary     : 389 Directory Server (base)
Description :
389 Directory Server is an LDAPv3 compliant server.  The base package includes
the LDAP server and command line utilities for server administration.


I would appreciate some help.
--
___________________________________________________________
 Aziza Lichir


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
