Ldap_start_tls Connect Error
Fri, 3 Sep 2004 18:05:48 -0300
Cc: openldap-software@OpenLDAP.org
http://www.openldap.org/lists/openldap-software/200409/msg00060.html

Wed, 7 Dec 2011 16:52:03 +0100
http://www.openldap.org/lists/openldap-technical/201112/msg00073.html

Hello,

I am trying to create an OpenLDAP + TLS server for my university laboratory. My configuration is:

Linux ***** 2.6.32-5-686 #1 SMP Mon Oct 3 04:15:24 UTC 2011 i686 GNU/Linux
slapd 2.4.23 (this version uses the GnuTLS library)

I followed this tutorial on help.ubuntu.com (see the TLS and SSL section):
https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html

The commands I used to make the self-signed certificate (with cn=localhost in my localhost.info and ca.info):

sh -c "certtool --generate-privkey > /etc/ssl/myLdapKey/cakey.pem"
certtool --generate-self-signed --load-privkey /etc/ssl/myLdapKey/cakey.pem --template /etc/ssl/myLdapKey/ca.info --outfile /etc/ssl/myLdapKey/cacert.pem
sh -c "certtool --generate-privkey > /etc/ssl/myLdapKey/localhost_slapd_key.pem"

After that:

adduser openldap ssl-cert
chgrp ssl-cert /etc/ssl/myLdapKey/localhost_slapd_key.pem
chmod g+r /etc/ssl/myLdapKey/localhost_slapd_key.pem

I added the certificate path information into LDAP with a file, tls-config.ldif, which contains:

dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ssl/myLdapKey/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/ssl/myLdapKey/localhost_slapd_cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/myLdapKey/localhost_slapd_key.pem

ldapmodify -QY EXTERNAL -H ldapi:/// -f tls-config.ldif

I uncommented this in my /etc/default/slapd:

SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"

Then, for my client, I use this in my ldap.conf:

BASE dc=parisgeo,dc=cnrs,dc=fr
URI ldap://localhost
SSL start_tls
TLS_CACERT /etc/ssl/myLdapKey/cacert.pem
TLS_REQCERT demand

I restarted the server with success, but when I try to connect I get this error (bottom of this mail). Do you have an explanation? Thanks a lot if you can help me...

Best regards,
SR.

root@*****:/etc/ldap# ldapsearch -x -LLL -ZZ -d 1
ldap_create
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_se
http://superuser.com/questions/1080720/openldap-tls-negotiation-failure-ldap-start-tls-connect-error-11-additional

OpenLDAP TLS negotiation failure ldap_start_tls: Connect error (-11) additional info: A TLS packet with unexpected length was received

I have tried to configure OpenLDAP with TLS. I have TLS certificates, configured them with an .ldif file, and changed the necessary configuration in the ldap.conf file. I am using the Ubuntu 14.04 LTS operating system.

Checking LDAP with the following command:

# ldapsearch -x

I am able to see the DIT as follows:

# search result
search: 2
result: 0 Success

# numResponses: 28
# numEntries: 27

While accessing with the TLS support option, that is ldapsearch -x -ZZ, I get the following error:

ldap_start_tls: Connect error (-11)
        additional info: A TLS packet with unexpected length was received.

In /var/log/syslog:

May 25 12:47:46 ip-172-30-0-218 slapd[6560]: conn=1005 fd=19 ACCEPT from IP=127.0.0.1:54306 (IP=0.0.0.0:389)
May 25 12:47:46 ip-172-30-0-218 slapd[6560]: conn=1005 op=0 EXT oid=1.3.6.1.4.1.1466.20037
May 25 12:47:46 ip-172-30-0-218 slapd[6560]: conn=1005 op=0 STARTTLS
May 25 12:47:46 ip-172-30-0-218 slapd[6560]: conn=1005 op=0 RESULT oid= err=0 text=
May 25 12:47:46 ip-172-30-0-218 slapd[6560]: conn=1005 fd=19 closed **(TLS negotiation failure)**

Here is the configuration of ldap.conf:

# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE    dc=infoarmor,dc=com
URI     ldap:// ldapi:// ldaps://
#URI    ldap://192.168.1.123:389

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

SSL start_tls
TLS_CACERT /etc/ssl/_wildcard.infoarmor.com.crt
TLS_REQCERT demand

Here is the configuration of ssl.ldif:

dn: cn=config
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/ldap/ssl/ldap.test.com.crt
-
replace: olcTLSCertificateFile
olcTLSCertifi
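Both posts above show the same shape of failure: the client asks for StartTLS, and the connection dies during the TLS handshake. Two mismatches are visible in the posted configurations themselves. In the first post, tls-config.ldif points olcTLSCertificateKeyFile at /etc/myLdapKey/ while the certtool commands and the other two attributes use /etc/ssl/myLdapKey/. In the second, the client's TLS_CACERT (/etc/ssl/_wildcard.infoarmor.com.crt) is a different file from the server's olcTLSCACertificateFile (/etc/ldap/ssl/ldap.test.com.crt), which with TLS_REQCERT demand only works if that file happens to contain the issuing CA. The script below is an added example, not code from either post or from OpenLDAP: it reads the olcTLS* paths out of the cn=config LDIF and TLS_CACERT/TLS_REQCERT out of ldap.conf and reports missing files, a world-readable key, a certificate/key pair that fails to load, a client CA file that is not the server's CA, and TLS_REQCERT never/allow. The demo at the bottom rebuilds the first post's directory layout in a temporary directory with constructed placeholder PEM files (the real certificates are not on the page), so it runs offline; point it at the real /etc/ldap and /etc/ssl paths to use it for real.

```python
"""Pre-flight check for an OpenLDAP StartTLS setup. Added example, not code from the
posts above or from OpenLDAP: reads olcTLS* paths from the cn=config LDIF and
TLS_CACERT/TLS_REQCERT from ldap.conf and reports the usual mismatches. Stdlib only."""
import os
import ssl
import tempfile

TLS_ATTRS = ("olcTLSCACertificateFile", "olcTLSCertificateFile", "olcTLSCertificateKeyFile")

def parse_ldif_tls_paths(ldif_text):
    """Return {attribute: path} for the olcTLS* attributes in an ldapmodify LDIF."""
    paths = {}
    for line in ldif_text.splitlines():
        attr, sep, value = line.partition(":")
        if sep and attr.strip() in TLS_ATTRS:
            paths[attr.strip()] = value.strip()
    return paths

def parse_ldap_conf(conf_text):
    """Return {KEY: value} for the active (non-comment) lines of ldap.conf(5)."""
    settings = {}
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            settings[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def check_tls_setup(server_paths, client_settings):
    """Return a list of findings; an empty list means nothing obviously wrong."""
    findings = []
    # 1. slapd opens every olcTLS* file when it sets up TLS; if one is missing,
    #    StartTLS fails server-side and the client only sees a generic error.
    for attr in TLS_ATTRS:
        path = server_paths.get(attr)
        if path is None:
            findings.append(f"{attr} is not set in cn=config")
        elif not os.path.isfile(path):
            findings.append(f"{attr} points to a missing file: {path}")
    key = server_paths.get("olcTLSCertificateKeyFile")
    cert = server_paths.get("olcTLSCertificateFile")
    # 2. The key must be readable by slapd's service user (the chgrp ssl-cert /
    #    chmod g+r step in the first post) but never by everyone.
    if key and os.path.isfile(key):
        mode = os.stat(key).st_mode & 0o777
        if mode & 0o004:
            findings.append(f"private key {key} is world-readable (mode {mode:o})")
    # 3. Load the pair the way a TLS server does: a malformed PEM or a key that does
    #    not belong to the certificate fails here instead of inside slapd.
    if cert and key and os.path.isfile(cert) and os.path.isfile(key):
        try:
            ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert, key)
        except (ssl.SSLError, OSError) as exc:
            findings.append(f"certificate/key pair failed to load: {exc}")
    # 4. With TLS_REQCERT demand the client must trust the issuer of the server cert;
    #    for a single self-signed lab CA that means the same CA file on both sides.
    ca_server = server_paths.get("olcTLSCACertificateFile")
    ca_client = client_settings.get("TLS_CACERT")
    if not ca_client:
        findings.append("client ldap.conf sets no TLS_CACERT, so the server cert cannot be trusted")
    elif not os.path.isfile(ca_client):
        findings.append(f"TLS_CACERT points to a missing file: {ca_client}")
    elif ca_server and os.path.isfile(ca_server):
        with open(ca_server, "rb") as a, open(ca_client, "rb") as b:
            if a.read() != b.read():
                findings.append("client TLS_CACERT is not the same CA as olcTLSCACertificateFile")
    # 5. never/allow let the handshake succeed against any certificate, which hides
    #    the problems above and removes server authentication.
    reqcert = client_settings.get("TLS_REQCERT", "demand").lower()
    if reqcert in ("never", "allow"):
        findings.append(f"TLS_REQCERT {reqcert} disables server certificate verification")
    return findings

# Constructed stand-in for the first post's layout: {d} replaces /etc, and the PEM
# files are placeholders, not real certificates (the real ones are not on the page).
PLACEHOLDER_PEM = "-----BEGIN CERTIFICATE-----\nconstructed placeholder\n-----END CERTIFICATE-----\n"
LDIF_AS_POSTED = """dn: cn=config
add: olcTLSCACertificateFile
olcTLSCACertificateFile: {d}/ssl/myLdapKey/cacert.pem
-
add: olcTLSCertificateFile
olcTLSCertificateFile: {d}/ssl/myLdapKey/localhost_slapd_cert.pem
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: {d}/myLdapKey/localhost_slapd_key.pem
"""
LDAP_CONF = "BASE dc=parisgeo,dc=cnrs,dc=fr\nURI ldap://localhost\nSSL start_tls\nTLS_CACERT {d}/ssl/myLdapKey/cacert.pem\nTLS_REQCERT demand\n"

def run_demo():
    """Check the LDIF as posted, then with the key path moved next to the other files."""
    with tempfile.TemporaryDirectory() as d:
        keydir = os.path.join(d, "ssl", "myLdapKey")
        os.makedirs(keydir)
        for name in ("cacert.pem", "localhost_slapd_cert.pem", "localhost_slapd_key.pem"):
            with open(os.path.join(keydir, name), "w") as f:
                f.write(PLACEHOLDER_PEM)
        os.chmod(os.path.join(keydir, "localhost_slapd_key.pem"), 0o640)
        client = parse_ldap_conf(LDAP_CONF.format(d=d))
        as_posted = check_tls_setup(parse_ldif_tls_paths(LDIF_AS_POSTED.format(d=d)), client)
        fixed_ldif = LDIF_AS_POSTED.replace("{d}/myLdapKey/", "{d}/ssl/myLdapKey/").format(d=d)
        return as_posted, check_tls_setup(parse_ldif_tls_paths(fixed_ldif), client)

if __name__ == "__main__":
    for label, findings in zip(("as posted", "key path fixed"), run_demo()):
        print(label + ":", findings or ["no findings"])
```

The CA comparison is byte-for-byte, which is the right test for the single self-signed lab CA of the first post; when the client trusts a bundle instead, replace it with a check that the server's CA certificate is contained in that bundle. Once the checker is clean, the live checks are the ones already in the posts: ldapsearch -x -ZZ -d 1 on the client and the slapd entries in the server's syslog.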