[Pkg-openldap-devel] Bug#538278: Bug#538278: ldaps doesn't work with tls
Nicolas Jungers
deblbug at jungers.net
Fri Jul 24 16:16:13 UTC 2009
Matt Kassawara wrote:
> Looks like you're using cacert.org to sign your
> certificates. Since Debian already includes that CA, try installing the
> ca-certificates package and changing TLSCACertificateFile to
> /etc/ssl/certs/ca-certificates.crt... at least for testing purposes.
>
# TLS configuration
# CA
#TLSCACertificateFile /etc/ssl/certs/cacert.org.pem
TLSCACertificateFile /etc/ssl/certs/ca-certificates.crt
# Cert
TLSCertificateFile /etc/ssl/certs/main.jungers.net.pem
#TLSCertificateFile /etc/ssl/certs/ldap.jungers.net.pem
TLSCertificateKeyFile /etc/ssl/private/main.jungers.net-key.pem
#TLSCipherSuite HIGH <-- not with gnutls (openssl keyword)
/etc/init.d/slapd restart;ps ax|grep slapd
Stopping OpenLDAP: slapd.
Starting OpenLDAP: slapd.
5680 ? Ssl 0:00 /usr/sbin/slapd -h ldap:/// ldaps:/// -g
openldap -u openldap -f /etc/ldap/slapd.conf
5682 pts/12 S+ 0:00 grep slapd
and then
ldapsearch -x '(objectclass=*)' -ZZ -d1
ldap_create
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP main.jungers.net:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 91.121.14.130:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 31 bytes to sd 3
ldap_result ld 0x7f1295f641b0 msgid 1
wait4msg ld 0x7f1295f641b0 msgid 1 (infinite timeout)
wait4msg continue ld 0x7f1295f641b0 msgid 1 all 1
** ld 0x7f1295f641b0 Connections:
* host: main.jungers.net port: 389 (default)
refcnt: 2 status: Connected
last used: Fri Jul 24 18:14:57 2009
** ld 0x7f1295f641b0 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x7f1295f641b0 request count 1 (abandoned 0)
** ld 0x7f1295f641b0 Response Queue:
Empty
ld 0x7f1295f641b0 response count 0
ldap_chkResponseList ld 0x7f1295f641b0 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f1295f641b0 NULL
ldap_int_select
read1msg: ld 0x7f1295f641b0 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x7f1295f641b0 msgid 1 message type extended-result
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x7f1295f641b0 0 new referrals
read1msg: mark request completed, ld 0x7f1295f641b0 msgid 1
request done: ld 0x7f1295f641b0 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ber_scanf fmt ({eAA) ber:
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_err2string
ldap_start_tls: Connect error (-11)
same result
Nicolas