[389-users] TLS failure

Aziza Lichir aziza.lichir at gmail.com
Tue May 7 08:52:39 UTC 2013 

yes this is my file :
/etc/ldap.conf

uri ldaps://srv-ds-38.meyclub.net:636
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
pam_password crypt

 and /etc/openldap/ldap.conf:

URI ldaps://srv-ds-38.meyclub.net:636 --> i've tried with ldap and it was
the same
BASE dc=meyclub,dc=net
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow



2013/5/7 Grzegorz Dwornicki <gd1100 at gmail.com>

> Are you using LDAPS uri with -ZZ args?
>  7 maj 2013 10:18, "Aziza Lichir" <aziza.lichir at gmail.com> napisaƂ(a):
>
>> Hey,
>>
>> I'm having problems with TLS/SSL on my client side. When I do ldapsearch
>> -ZZ it works just fine and says that SSL started but when i try  to
>> authenticate a user I keep getting this strange error:
>>
>> [07/May/2013:10:04:06 +0200] conn=95 fd=228 slot=228 SSL connection
>> [07/May/2013:10:04:06 +0200] conn=95 SSL 256-bit AES
>> [07/May/2013:10:04:06 +0200] conn=95 op=0 EXT
>> oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>> [07/May/2013:10:04:06 +0200] conn=95 op=0 RESULT err=1 tag=120 nentries=0
>> etime=0
>> [07/May/2013:10:04:06 +0200] conn=95 op=1 UNBIND
>> [07/May/2013:10:04:06 +0200] conn=95 op=1 fd=228 closed - U1
>>
>>
>> the plate form is :
>>  server : CentOS-6.3-i386
>> client: CentOS  5.3
>>
>> [root at srv-ds-38 ~]# rpm -qi 389-ds-base
>> Name        : 389-ds-base                  Relocations: (not relocatable)
>> Version     : 1.2.11.15                         Vendor: CentOS
>> Release     : 14.el6_4                      Build Date: Tue 16 Apr 2013
>> 12:57:55 AM CEST
>> Install Date: Fri 26 Apr 2013 04:05:26 PM CEST      Build Host:
>> c6b7.bsys.dev.centos.org
>> Group       : System Environment/Daemons    Source RPM:
>> 389-ds-base-1.2.11.15-14.el6_4.src.rpm
>> Size        : 4940881                          License: GPLv2 with
>> exceptions
>> Signature   : RSA/SHA1, Tue 16 Apr 2013 11:32:27 AM CEST, Key ID
>> 0946fca2c105b9de
>> Packager    : CentOS BuildSystem <http://bugs.centos.org>
>> URL         : http://port389.org/
>> Summary     : 389 Directory Server (base)
>> Description :
>> 389 Directory Server is an LDAPv3 compliant server.  The base package
>> includes
>> the LDAP server and command line utilities for server administration.
>>
>>
>> I would appreciate some help.
>> --
>>
>>
>> *
>>
>>
>>
>> ___________________________________________________________*
>>  *Aziza Lichir*
>> *
>> *
>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>



-- 


*



___________________________________________________________*
 *Aziza Lichir*
*
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20130507/094cc4c3/attachment.html>

More information about the 389-users mailing list