On 636 your connection was working with certificate. It should be encrypted
as well.
7 May 2013 11:16, "Aziza Lichir" <aziza.lichir(a)gmail.com> wrote:
I agree, when I used uri ldap with 389 port it was working, but I want to
connect to the server on 636 port, that's why I've changed my file.
2013/5/7 Grzegorz Dwornicki <gd1100(a)gmail.com>
> What was old uri? Did you change port as well?
>
> The error looks like the result of trying to use starttls on an encrypted
> connection. Starttls works on 389 port. You need to leave ldap and 389 port
> in URL and then try to use starttls. This should work.
> 7 May 2013 10:52, "Aziza Lichir" <aziza.lichir(a)gmail.com> wrote:
>
>> Yes, this is my file:
>> /etc/ldap.conf
>>
>> uri ldaps://srv-ds-38.meyclub.net:636
>> ssl start_tls
>> tls_cacertdir /etc/openldap/cacerts
>> pam_password crypt
>>
>> and /etc/openldap/ldap.conf:
>>
>> URI ldaps://srv-ds-38.meyclub.net:636 --> I've tried with ldap and it was the same
>> BASE dc=meyclub,dc=net
>> TLS_CACERTDIR /etc/openldap/cacerts
>> TLS_REQCERT allow
>>
>>
>>
>> 2013/5/7 Grzegorz Dwornicki <gd1100(a)gmail.com>
>>
>>> Are you using LDAPS uri with -ZZ args?
>>> 7 May 2013 10:18, "Aziza Lichir" <aziza.lichir(a)gmail.com> wrote:
>>>
>>>> Hey,
>>>>
>>>> I'm having problems with TLS/SSL on my client side. When I do
>>>> ldapsearch -ZZ it works just fine and says that SSL started, but when I
>>>> try to authenticate a user I keep getting this strange error:
>>>>
>>>> [07/May/2013:10:04:06 +0200] conn=95 fd=228 slot=228 SSL connection
>>>> [07/May/2013:10:04:06 +0200] conn=95 SSL 256-bit AES
>>>> [07/May/2013:10:04:06 +0200] conn=95 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>>>> [07/May/2013:10:04:06 +0200] conn=95 op=0 RESULT err=1 tag=120 nentries=0 etime=0
>>>> [07/May/2013:10:04:06 +0200] conn=95 op=1 UNBIND
>>>> [07/May/2013:10:04:06 +0200] conn=95 op=1 fd=228 closed - U1
>>>>
>>>>
>>>> the platform is:
>>>> server : CentOS-6.3-i386
>>>> client: CentOS 5.3
>>>>
>>>> [root@srv-ds-38 ~]# rpm -qi 389-ds-base
>>>> Name        : 389-ds-base                  Relocations: (not relocatable)
>>>> Version     : 1.2.11.15                    Vendor: CentOS
>>>> Release     : 14.el6_4                     Build Date: Tue 16 Apr 2013 12:57:55 AM CEST
>>>> Install Date: Fri 26 Apr 2013 04:05:26 PM CEST   Build Host: c6b7.bsys.dev.centos.org
>>>> Group       : System Environment/Daemons   Source RPM: 389-ds-base-1.2.11.15-14.el6_4.src.rpm
>>>> Size        : 4940881                      License: GPLv2 with exceptions
>>>> Signature   : RSA/SHA1, Tue 16 Apr 2013 11:32:27 AM CEST, Key ID 0946fca2c105b9de
>>>> Packager    : CentOS BuildSystem <http://bugs.centos.org>
>>>> URL         : http://port389.org/
>>>> Summary     : 389 Directory Server (base)
>>>> Description :
>>>> 389 Directory Server is an LDAPv3 compliant server. The base package includes
>>>> the LDAP server and command line utilities for server administration.
>>>>
>>>>
>>>> I would appreciate some help.
>>>> --
>>>> Aziza Lichir
>>>>
>>>> --
>>>> 389 users mailing list
>>>> 389-users(a)lists.fedoraproject.org
>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>>
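
Added example (not part of the original thread and not 389-ds project code): a small Python check that scans a 389-ds access log for the pattern diagnosed above, a startTLS extended operation sent on a connection the server already logged as SSL. The sample log is constructed: conn=95 is the thread's log with wrapped lines joined, conn=96 is an invented healthy StartTLS on a plain connection; the function and variable names are hypothetical.

```python
import re

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # startTLS extended-operation OID from the log
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")
OP = re.compile(r"^op=(?P<op>-?\d+) (?P<body>.*)$")

# Constructed sample: conn=95 is the thread's log with wrapped lines joined;
# conn=96 is an invented healthy StartTLS on a plain (port 389) connection.
SAMPLE_LOG = """\
[07/May/2013:10:04:06 +0200] conn=95 fd=228 slot=228 SSL connection
[07/May/2013:10:04:06 +0200] conn=95 SSL 256-bit AES
[07/May/2013:10:04:06 +0200] conn=95 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/May/2013:10:04:06 +0200] conn=95 op=0 RESULT err=1 tag=120 nentries=0 etime=0
[07/May/2013:10:04:06 +0200] conn=95 op=1 UNBIND
[07/May/2013:10:04:06 +0200] conn=95 op=1 fd=228 closed - U1
[07/May/2013:10:05:00 +0200] conn=96 fd=229 slot=229 connection
[07/May/2013:10:05:00 +0200] conn=96 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/May/2013:10:05:00 +0200] conn=96 op=0 RESULT err=0 tag=120 nentries=0 etime=0
"""

def find_starttls_on_ssl(log_text):
    """Return StartTLS requests that arrived on connections already logged as SSL."""
    ssl_conns = set()   # conn ids accepted on the SSL (ldaps) listener
    pending = {}        # (conn, op) -> timestamp of a StartTLS request awaiting RESULT
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        conn, rest = int(m["conn"]), m["rest"]
        if re.search(r"\bSSL connection\b", rest):
            ssl_conns.add(conn)
            continue
        o = OP.match(rest)
        if not o:
            continue
        key, body = (conn, int(o["op"])), o["body"]
        if body.startswith("EXT ") and f'oid="{STARTTLS_OID}"' in body:
            pending[key] = m["ts"]
        elif body.startswith("RESULT ") and key in pending:
            ts = pending.pop(key)
            err = re.search(r"\berr=(-?\d+)", body)
            if conn in ssl_conns:
                findings.append({"conn": conn, "op": key[1], "time": ts,
                                 "err": int(err.group(1)) if err else None})
    return findings

if __name__ == "__main__":
    for f in find_starttls_on_ssl(SAMPLE_LOG):
        print("StartTLS on already-encrypted connection:", f)
```

A non-empty result points at a client that combines an ldaps:// URI with StartTLS, as the /etc/ldap.conf quoted above does with "uri ldaps://...:636" and "ssl start_tls".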