[389-users] TLS failure

Grzegorz Dwornicki gd1100 at gmail.com
Tue May 7 09:18:09 UTC 2013


On 636 your connection was working with a certificate. It should be encrypted
as well.
On 7 May 2013 11:16, "Aziza Lichir" <aziza.lichir at gmail.com> wrote:

> I agree, when I used uri ldap with port 389 it was working, but I want to
> connect to the server on port 636; that's why I've changed my file.
>
>
> 2013/5/7 Grzegorz Dwornicki <gd1100 at gmail.com>
>
>> What was the old URI? Did you change the port as well?
>>
>> The error looks like the result of trying to use starttls on an encrypted
>> connection. Starttls works on port 389. You need to leave ldap and port 389
>> in the URL and then try to use starttls. This should work.
>> On 7 May 2013 10:52, "Aziza Lichir" <aziza.lichir at gmail.com> wrote:
>>
>>> Yes, this is my file:
>>> /etc/ldap.conf
>>>
>>> uri ldaps://srv-ds-38.meyclub.net:636
>>> ssl start_tls
>>> tls_cacertdir /etc/openldap/cacerts
>>> pam_password crypt
>>>
>>>  and /etc/openldap/ldap.conf:
>>>
>>> URI ldaps://srv-ds-38.meyclub.net:636 --> I've tried with ldap and it
>>> was the same
>>> BASE dc=meyclub,dc=net
>>> TLS_CACERTDIR /etc/openldap/cacerts
>>> TLS_REQCERT allow
>>>
>>>
>>>
>>> 2013/5/7 Grzegorz Dwornicki <gd1100 at gmail.com>
>>>
>>>> Are you using LDAPS uri with -ZZ args?
>>>> On 7 May 2013 10:18, "Aziza Lichir" <aziza.lichir at gmail.com> wrote:
>>>>
>>>>>  Hey,
>>>>>
>>>>> I'm having problems with TLS/SSL on my client side. When I do
>>>>> ldapsearch -ZZ it works just fine and says that SSL started, but when I try
>>>>> to authenticate a user I keep getting this strange error:
>>>>>
>>>>> [07/May/2013:10:04:06 +0200] conn=95 fd=228 slot=228 SSL connection
>>>>> [07/May/2013:10:04:06 +0200] conn=95 SSL 256-bit AES
>>>>> [07/May/2013:10:04:06 +0200] conn=95 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
>>>>> [07/May/2013:10:04:06 +0200] conn=95 op=0 RESULT err=1 tag=120 nentries=0 etime=0
>>>>> [07/May/2013:10:04:06 +0200] conn=95 op=1 UNBIND
>>>>> [07/May/2013:10:04:06 +0200] conn=95 op=1 fd=228 closed - U1
>>>>>
>>>>>
>>>>> The platform is:
>>>>>  server : CentOS-6.3-i386
>>>>> client: CentOS  5.3
>>>>>
>>>>> [root at srv-ds-38 ~]# rpm -qi 389-ds-base
>>>>> Name        : 389-ds-base                  Relocations: (not relocatable)
>>>>> Version     : 1.2.11.15                         Vendor: CentOS
>>>>> Release     : 14.el6_4                      Build Date: Tue 16 Apr 2013 12:57:55 AM CEST
>>>>> Install Date: Fri 26 Apr 2013 04:05:26 PM CEST      Build Host: c6b7.bsys.dev.centos.org
>>>>> Group       : System Environment/Daemons    Source RPM: 389-ds-base-1.2.11.15-14.el6_4.src.rpm
>>>>> Size        : 4940881                          License: GPLv2 with exceptions
>>>>> Signature   : RSA/SHA1, Tue 16 Apr 2013 11:32:27 AM CEST, Key ID 0946fca2c105b9de
>>>>> Packager    : CentOS BuildSystem <http://bugs.centos.org>
>>>>> URL         : http://port389.org/
>>>>> Summary     : 389 Directory Server (base)
>>>>> Description :
>>>>> 389 Directory Server is an LDAPv3 compliant server.  The base package includes
>>>>> the LDAP server and command line utilities for server administration.
>>>>>
>>>>>
>>>>> I would appreciate some help.
>>>>> --
>>>>> Aziza Lichir
>>>>>
>>>>> --
>>>>> 389 users mailing list
>>>>> 389-users at lists.fedoraproject.org
>>>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>>>
>
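
Added example (not part of the original thread): a Python check for the mismatch discussed above, where a client config combines an ldaps:// URI with `ssl start_tls`, plus a scan of 389-ds access-log lines for a startTLS request arriving on a connection that is already SSL. The hostname, addresses, sample inputs and function names are constructed for illustration.

```python
import re

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # startTLS extended-operation OID from the posted log
ENTRY = re.compile(r"conn=(\d+) (?:op=(\d+) )?(.*)")

def lint_client_conf(text):
    """Return findings for an /etc/ldap.conf that requests StartTLS over an ldaps:// URI."""
    uris, ssl_mode = [], None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0].lower() == "uri":
            uris += parts[1:]
        elif parts[0].lower() == "ssl" and len(parts) > 1:
            ssl_mode = parts[1].lower()
    if ssl_mode != "start_tls":
        return []
    return [f"{u}: 'ssl start_tls' on an ldaps:// URI (TLS is already active)"
            for u in uris if u.lower().startswith("ldaps://")]

def starttls_on_tls_conns(log_lines):
    """Return (conn, op, err) for each startTLS request sent on an already-TLS connection."""
    tls_conns, pending, hits = set(), set(), []
    for line in log_lines:
        m = ENTRY.search(line)
        if not m:
            continue
        conn, op, rest = m.groups()
        if op is None and "SSL connection" in rest:
            tls_conns.add(conn)            # connection accepted on the LDAPS listener
        elif rest.startswith("EXT") and STARTTLS_OID in rest and conn in tls_conns:
            pending.add((conn, op))        # startTLS asked for inside an existing TLS session
        elif rest.startswith("RESULT") and (conn, op) in pending:
            hits.append((int(conn), int(op), int(re.search(r"err=(\d+)", rest).group(1))))
    return hits

# Constructed sample input, modelled on the config and access log quoted in the thread.
BAD_CONF = "uri ldaps://ldap.example.test:636\nssl start_tls\ntls_cacertdir /etc/openldap/cacerts\n"
GOOD_CONF = "uri ldap://ldap.example.test:389\nssl start_tls\ntls_cacertdir /etc/openldap/cacerts\n"
SAMPLE_LOG = """\
[07/May/2013:10:04:06 +0200] conn=95 fd=228 slot=228 SSL connection from 192.0.2.10 to 192.0.2.1
[07/May/2013:10:04:06 +0200] conn=95 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/May/2013:10:04:06 +0200] conn=95 op=0 RESULT err=1 tag=120 nentries=0 etime=0
[07/May/2013:10:04:07 +0200] conn=96 fd=229 slot=229 connection from 192.0.2.10 to 192.0.2.1
[07/May/2013:10:04:07 +0200] conn=96 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/May/2013:10:04:07 +0200] conn=96 op=0 RESULT err=0 tag=120 nentries=0 etime=0
"""

if __name__ == "__main__":
    print(lint_client_conf(BAD_CONF))
    print(starttls_on_tls_conns(SAMPLE_LOG.splitlines()))
```

Only conn=95 is reported: conn=96 starts in the clear on the plain listener, so its startTLS request is the expected upgrade and returns err=0.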