I agree. When I used the ldap uri with port 389 it was working, but I want to
connect to the server on port 636; that's why I've changed my file.
2013/5/7 Grzegorz Dwornicki <gd1100(a)gmail.com>
What was the old uri? Did you change the port as well?
The error looks like the result of trying to use starttls on an encrypted
connection. Starttls works on port 389. You need to leave ldap and port 389
in the URL and then try to use starttls. This should work.
7 May 2013 10:52, "Aziza Lichir" <aziza.lichir(a)gmail.com> wrote:
Yes, this is my file:
> /etc/ldap.conf
>
> uri ldaps://srv-ds-38.meyclub.net:636
> ssl start_tls
> tls_cacertdir /etc/openldap/cacerts
> pam_password crypt
>
> and /etc/openldap/ldap.conf:
>
> URI ldaps://srv-ds-38.meyclub.net:636 --> I've tried with ldap and it
> was the same
> BASE dc=meyclub,dc=net
> TLS_CACERTDIR /etc/openldap/cacerts
> TLS_REQCERT allow
>
>
>
> 2013/5/7 Grzegorz Dwornicki <gd1100(a)gmail.com>
>
>> Are you using LDAPS uri with -ZZ args?
>> 7 May 2013 10:18, "Aziza Lichir" <aziza.lichir(a)gmail.com> wrote:
>>
>>> Hey,
>>>
>>> I'm having problems with TLS/SSL on my client side. When I do
>>> ldapsearch -ZZ it works just fine and says that SSL started, but when I try
>>> to authenticate a user I keep getting this strange error:
>>>
>>> [07/May/2013:10:04:06 +0200] conn=95 fd=228 slot=228 SSL connection
>>> [07/May/2013:10:04:06 +0200] conn=95 SSL 256-bit AES
>>> [07/May/2013:10:04:06 +0200] conn=95 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>>> [07/May/2013:10:04:06 +0200] conn=95 op=0 RESULT err=1 tag=120 nentries=0 etime=0
>>> [07/May/2013:10:04:06 +0200] conn=95 op=1 UNBIND
>>> [07/May/2013:10:04:06 +0200] conn=95 op=1 fd=228 closed - U1
>>>
>>>
>>> The platform is:
>>> server : CentOS-6.3-i386
>>> client: CentOS 5.3
>>>
>>> [root@srv-ds-38 ~]# rpm -qi 389-ds-base
>>> Name : 389-ds-base Relocations: (not relocatable)
>>> Version : 1.2.11.15 Vendor: CentOS
>>> Release : 14.el6_4 Build Date: Tue 16 Apr 2013 12:57:55 AM CEST
>>> Install Date: Fri 26 Apr 2013 04:05:26 PM CEST Build Host: c6b7.bsys.dev.centos.org
>>> Group : System Environment/Daemons Source RPM: 389-ds-base-1.2.11.15-14.el6_4.src.rpm
>>> Size : 4940881 License: GPLv2 with exceptions
>>> Signature : RSA/SHA1, Tue 16 Apr 2013 11:32:27 AM CEST, Key ID 0946fca2c105b9de
>>> Packager : CentOS BuildSystem <http://bugs.centos.org>
>>> URL : http://port389.org/
>>> Summary : 389 Directory Server (base)
>>> Description :
>>> 389 Directory Server is an LDAPv3 compliant server. The base package includes
>>> the LDAP server and command line utilities for server administration.
>>>
>>>
>>> I would appreciate some help.
>>> --
>>> Aziza Lichir
>>>
>>> --
>>> 389 users mailing list
>>> 389-users(a)lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>
--
Aziza Lichir
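
The access-log pattern in this thread (a connection already logged as SSL that then receives a startTLS extended operation and gets a non-zero result) can be found mechanically. The following is an added example, not code from the thread or from the 389 project; the function name is hypothetical, it assumes one unwrapped log entry per line, and the conn=96 lines are constructed for contrast.

```python
import re

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS OID from the thread's log

# conn=95 lines are the thread's log with mail wrapping undone; the conn=96
# lines are constructed to show a normal StartTLS upgrade for contrast.
SAMPLE_LOG = '''\
[07/May/2013:10:04:06 +0200] conn=95 fd=228 slot=228 SSL connection
[07/May/2013:10:04:06 +0200] conn=95 SSL 256-bit AES
[07/May/2013:10:04:06 +0200] conn=95 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/May/2013:10:04:06 +0200] conn=95 op=0 RESULT err=1 tag=120 nentries=0 etime=0
[07/May/2013:10:05:00 +0200] conn=96 fd=64 slot=64 connection
[07/May/2013:10:05:00 +0200] conn=96 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/May/2013:10:05:00 +0200] conn=96 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[07/May/2013:10:05:00 +0200] conn=96 SSL 256-bit AES
'''

LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) (.*)$')
OP = re.compile(r'^op=(\d+) (EXT|RESULT) (.*)$')
ERR = re.compile(r'\berr=(-?\d+)')

def find_starttls_on_ssl(log_text):
    """Return (conn, op, err) for each StartTLS request that failed on a
    connection the server had already logged as SSL."""
    ssl_conns, pending, findings = set(), set(), []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        conn, rest = int(m.group(1)), m.group(2)
        if rest.endswith("SSL connection"):   # accepted on the SSL port
            ssl_conns.add(conn)
            continue
        o = OP.match(rest)
        if not o:
            continue
        key, kind, body = (conn, int(o.group(1))), o.group(2), o.group(3)
        if kind == "EXT" and f'oid="{STARTTLS_OID}"' in body:
            pending.add(key)                  # wait for this op's RESULT
        elif kind == "RESULT" and key in pending:
            pending.discard(key)
            e = ERR.search(body)
            if e and int(e.group(1)) != 0 and conn in ssl_conns:
                findings.append((conn, key[1], int(e.group(1))))
    return findings

if __name__ == "__main__":
    for conn, op, err in find_starttls_on_ssl(SAMPLE_LOG):
        print(f"conn={conn} op={op}: StartTLS on an SSL connection, err={err}")
```

A hit points at a client configured like the /etc/ldap.conf quoted in the thread, where an ldaps:// URI on port 636 is combined with `ssl start_tls`.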