Hi All,
No luck, have inserted nsTLS1: on
Can't work still. Still stay with PassSync 1.2.11.15
--
Paul Ooi
On 7/27/15 23:25, German Parente wrote:
Hi Ozikat,
please, send your feedback as possible.
thanks and regards,
German.
----- Original Message -----
> From: "ozikat" <ozikat12(a)gmail.com>
> To: 389-users(a)lists.fedoraproject.org
> Sent: Monday, July 27, 2015 4:43:16 PM
> Subject: Re: [389-users] PassSync to 389DS SSL Error: Peer reports incompatible or
unsupported protocol version.
>
> Hi German,
>
> I am using 389-DS-BASE 1.2.11.15-48.el6_6. I got it working when
> installed PassSync 1.2.11.15 on the Windows 2008 R2 server.
>
> I will try to add nsTLS1 and see whether it works on 1.2.11.16
>
> Thank you.
>
> --
> Ozikat
>
> On 7/27/15 18:31, German Parente wrote:
>> Hi,
>>
>> Which is the version of 389-ds-base you are running ?
>>
>> By the way, have you enabled TLS on server side ?
>>
>> In entry:
>>
>> dn: cn=encryption,cn=config
>>
>> the attribute nsTLS1 should be "on" :
>>
>> nsTLS1: on
>>
>> Thanks and regards,
>>
>> German.
>>
>>
>> ----- Original Message -----
>>> From: "ozikat" <ozikat12(a)gmail.com>
>>> To: 389-users(a)lists.fedoraproject.org
>>> Sent: Sunday, July 26, 2015 6:20:13 PM
>>> Subject: [389-users] PassSync to 389DS SSL Error: Peer reports
>>> incompatible or unsupported protocol version.
>>>
>>> Good day everyday,
>>>
>>> I came across the problem to connect from 389PassSync Version
>>> 1.1.6-x86_64 running on Windows 2008 R2 _to_ 389-DS version 1.2.11.15
>>> that running on Linux CentOS 6.6.
>>>
>>> Below is the error seen on /var/logs/dirdrv/slapd-xxx/access
>>>
>>> ### Access Log Start ###
>>>
>>> [26/Jul/2015:15:47:37 +0000] conn=4 fd=65 slot=65 SSL connection from
>>> x.x.x.x to y.y.y.y
>>> [26/Jul/2015:15:47:37 +0000] conn=4 op=-1 fd=65 closed - Peer reports
>>> incompatible or unsupported protocol version.
>>> [26/Jul/2015:15:47:45 +0000] conn=5 fd=65 slot=65 SSL connection from
>>> x.x.x.x to y.y.y.y
>>> [26/Jul/2015:15:47:45 +0000] conn=5 op=-1 fd=65 closed - Peer reports
>>> incompatible or unsupported protocol version.
>>> [26/Jul/2015:15:48:01 +0000] conn=6 fd=65 slot=65 SSL connection from
>>> x.x.x.x to y.y.y.y
>>> [26/Jul/2015:15:48:01 +0000] conn=6 op=-1 fd=65 closed - Peer reports
>>> incompatible or unsupported protocol version.
>>> [26/Jul/2015:15:49:15 +0000] conn=1 fd=64 slot=64 SSL connection from
>>> x.x.x.x to y.y.y.y
>>> [26/Jul/2015:15:49:15 +0000] conn=1 op=-1 fd=64 closed - Peer reports
>>> incompatible or unsupported protocol version.
>>>
>>> ### Access Log End ###
>>>
>>> I tried to connect using ldp.exe on Windows 2008 Server, it seems ok.
>>> Just that PassSync unable to communicate via the SSL connections from
>>> the server.
>>>
>>> ###### ldp.exe start #####
>>> ld = ldap_open("curry.noodle.com", 636);
>>> Established connection to
curry.noodle.com.
>>> Retrieving base DSA information...
>>> Getting 1 entries:
>>> Dn: (RootDSE)
>>> dataversion: 020150726160257020150726160257;
>>> defaultnamingcontext: dc=noodle,dc=com;
>>> namingContexts (2): dc=noodle,dc=com; o=netscaperoot;
>>> netscapemdsuffix: cn=ldap://dc=curry,dc=noodle,dc=com:389;
>>> objectClass: top;
>>> supportedControl (21): 2.16.840.1.113730.3.4.2; 2.16.840.1.113730.3.4.3;
>>> 2.16.840.1.113730.3.4.4; 2.16.840.1.113730.3.4.5; 1.2.840.113556.1.4.473
>>> = ( SORT ); 2.16.840.1.113730.3.4.9 = ( VLVREQUEST );
>>> 2.16.840.1.113730.3.4.16; 2.16.840.1.113730.3.4.15;
>>> 2.16.840.1.113730.3.4.17; 2.16.840.1.113730.3.4.19;
>>> 1.3.6.1.4.1.42.2.27.8.5.1; 1.3.6.1.4.1.42.2.27.9.5.2;
>>> 1.2.840.113556.1.4.319 = ( PAGED_RESULT ); 1.3.6.1.4.1.42.2.27.9.5.8;
>>> 1.3.6.1.4.1.4203.666.5.16; 2.16.840.1.113730.3.4.14;
>>> 2.16.840.1.113730.3.4.20; 1.3.6.1.4.1.1466.29539.12;
>>> 2.16.840.1.113730.3.4.12; 2.16.840.1.113730.3.4.18;
>>> 2.16.840.1.113730.3.4.13;
>>> supportedExtension (14): 2.16.840.1.113730.3.5.7;
>>> 2.16.840.1.113730.3.5.8; 2.16.840.1.113730.3.5.3;
>>> 2.16.840.1.113730.3.5.12; 2.16.840.1.113730.3.5.5;
>>> 2.16.840.1.113730.3.5.6; 2.16.840.1.113730.3.5.9;
>>> 2.16.840.1.113730.3.5.4; 2.16.840.1.113730.3.6.5;
>>> 2.16.840.1.113730.3.6.6; 2.16.840.1.113730.3.6.7;
>>> 2.16.840.1.113730.3.6.8; 1.3.6.1.4.1.1466.20037 = ( START_TLS );
>>> 1.3.6.1.4.1.4203.1.11.1;
>>> supportedLDAPVersion (2): 2; 3;
>>> supportedSASLMechanisms (5): EXTERNAL; CRAM-MD5; DIGEST-MD5; ANONYMOUS;
>>> GSSAPI;
>>> vendorName: 389 Project;
>>> vendorVersion: 389-Directory/1.2.11.15 B2014.314.1342;
>>>
>>> -----------
>>> res = ldap_simple_bind_s(ld, 'cn=spicy,cn=config',
<unavailable>); // v.3
>>> Authenticated as: 'cn=spicy,cn=config'.
>>> -----------
>>>
>>> ###### ldp.exe end #####
>>>
>>> Hopefully there are jedi in the rom can help ;)
>>>
>>> --
>>> Ozikat
>>> --
>>> 389 users mailing list
>>> 389-users(a)lists.fedoraproject.org
>>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>> --
>> 389 users mailing list
>> 389-users(a)lists.fedoraproject.org
>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
> --
> 389 users mailing list
> 389-users(a)lists.fedoraproject.org
>
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users