LDAP Error: Protocol Error, Unable to Start TLS Communications

Post subject: LDAP TLS SSL
DukeR, posted Mon Feb 23, 2009 5:29 am

Hi everybody,

I am using cacti 0.8.7b on a CentOS machine, and I wanna use the SSL or TLS encryption, but it doesn't work. Without encryption everything works fine. These are my settings for no encryption:

server: test.domain.com
Port Standard: 389
Port SSL: 636
Protocol: 3
Encryption: None
No searching
Distinguished Name (DN):

unable to start TLS in ldap queries

yawnmoth (Jan 5 '07, #1):

When I try to use the ldap_search() function on an LDAP server I've connected to, I get the following error message:

    Warning: ldap_search(): Search: Confidentiality required in C:\path\to\script.php on line xxx

So I try to use ldap_start_tls() and get this error:

    Warning: ldap_start_tls(): Unable to start TLS: Connect error in C:\path\to\script.php on line xxx

I try to set LDAP_OPT_PROTOCOL_VERSION to 3, with ldap_set_option, before doing ldap_start_tls, and get the same error.

Anyway, I'm not really sure what the problem is. Any ideas?

petersprc (Jan 6 '07, #2):

Hi,

You might want to make sure the hostname you're using in ldap_connect matches the CN in the server's certificate exactly. You could try using ldaps:// as the protocol.

You might also need to set your certificate dir or file in the client's ldap.conf file too.

For example, using the stock package from RHEL4:

/etc/openldap/ldap.conf:

    # self-signed cert
    TLS_CACERT /usr/share/ssl/certs/slapd.pem

Client script:

    <?php
    // The hostname here must match the CN in the server's certificate.
    // With OpenLDAP 2.x, ldap_connect() only parses the URI; the TLS
    // handshake happens on the first operation, such as ldap_bind().
    $ds = ldap_connect('ldaps://localhost.localdomain');
    if ($ds === false) {
        trigger_error('ldap_connect', E_USER_ERROR);
    }
    ?>

yawnmoth:

> petersprc wrote:
> Hi,
> You might want to make sure the hostname you're using in ldap_connect
> matches the CN in the server's certificate exactly. You could try using
> ldaps:// as the protocol.
> You might also need to set your certificate dir or file in the client's
> ldap.conf file too.
> For example, using the stock package from RHEL4:
> /etc/openldap/ldap.conf:
>     # self-signed cert
>     TLS_CACERT /usr/share/ssl/certs/slapd.pem

I'm using Windows

Jean Frontin, 2009-06-25 11:39:28 UTC:

Hello,

I should want to authenticate cacti users against an ldap server with tls but I should not want to verify certificate. Is it possible? How must I do it?

Thank you for your help

--
Jean Frontin
System team
I R I T
Université Paul-Sabatier
118, rte de Narbonne
31062 Toulouse cedex 9
France
tel (33)(0)5 61 55 63 03
mail ***@irit.fr

Tony Roman, 2009-06-25 12:38:26 UTC:

You will need to edit your ldap.conf file (in linux this is likely /etc/ldap.conf or /etc/openldap/ldap.conf) and add the following if it does not already exist:

    TLS_REQCERT never

NOTE: if you must edit this file, you need to restart apache/your webserver in order to re-read these changes.

Tony Roman
Cacti Developer

Jean Frontin, 2009-06-26 13:09:00 UTC:

Hello,

As Tony told me, I added "TLS_REQCERT never" in the "ldap.conf". This file contains a line "TLS_checkpeer no".

However, I encounter the following message when I try to connect to cacti:

    LDAP Search Error: Protocol error, unable to start TLS communications

Regards
--
Jean Frontin

Tony Roman, 2009-06-28 15:58:28 UTC:

This might be an issue of SSL support for LDAP not being available for the PHP module?

What OS/Distro are you running?

Tony Roman
Cacti Developer

LDAP Bind failure for user... Can't contact LDAP server

Status: Closed (won't fix)
Project: LDAP integration
Version: 4.7.x-1.x-dev
Component: Code
Priority: Minor
Category: Bug report
Assigned: Unassigned
Reporter: js1
Created: November 21, 2006 - 22:13
Updated: December 16, 2011 - 11:14

Was using ldap://my_ldap_server (port 389) and TLS without an issue until I was told that was only for testing. For production, I now have to use ldaps://my_ldap_server (port 636) and SSL without TLS. Now, I cannot bind with my service account.

I'm able to run ldapsearch on the same system (using ldaps://) that Drupal is running on, and ldapsearch works fine. ldap.conf file is the same.

I did a tcpdump trace and found that the drupal ldap module doesn't seem to be sending an SSLv2 "Client Hello," which is the first packet after the TCP handshake using ldapsearch. Drupal seems to send an SSL "Continuation Data" packet, instead of the client hello.

Comments

Comment #1, sammys, November 26, 2006 at 3:04am:

I've stumbled on this myself. I was also getting the same problem with NSS authentication. Fixing the NSS problem seemed to assist with the LDAP module. My fix was to add 'TLS_REQCERT never' to the /etc/ldap/ldap.conf file (on linux/Debian sarge).

After that I've been having login problems with the bind process failing intermittently. I'm trying to find the source of the problem.

--
Sammy Spets
Synerger
http://synerger.com

Comment #2, sammys, November 26, 2006 at 3:35am:

Thought it might be useful to add what I mean by intermittent. I've managed to get the bind working occasionally by playing around with the settings:

Store passwords in encrypted form
Password for non-anonymous search

Kind of weird I know... but that's how it is!

Comment #3, js1, November 27, 2006 at 2:05am:

My fix was to ad