>From: fedora-list-bounces@xxxxxxxxxx
>[mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of Daniel B. Thurman
>Sent: Monday, November 14, 2005 7:28 AM
>To: For users of Fedora Core releases (E-mail)
>Subject: LDAP service script (/etc/init.d/ldap)
>
>
>
>Hi Folks,
>
>I got ldap working but I am not able to get ldaps (secure) to work.
>
>I ran some tests:
>
>Simple auth, no encryption
>====================
>ldapsearch -H ldap://hostname/ -b dc=example,dc=com -x
>
>RESULTS: WORKS!
>
>Simple auth, SSL via LDAPS
>======================
>ldapsearch -H ldaps://hostname/ -b dc=example,dc=com -x
>
>RESULTS: FAIL: ldap_bind: Can't contact LDAP server (-1)
>
>  - Ran slapd -d -1 : See no error hints
>  - Looked in /var/log/messages - nothing
>  - netstat -a : shows listener: ldaps
>
>If anyone has any suggestions, please let me know!
>
>Also, if anyone has any really good links on getting ldap/kerberos/ssl
>working please let me know!
>
>Thanks
>Dan
>

Sorry folks about the bad subject line. I fixed that.
I wanted to add more information:

openssl s_client -CAfile /etc/openldap/cacerts/ldapCA.pem -connect ldap.cdkkt.com:636

CONNECTED(00000003)
depth=1 /C=US/ST=Oregon/L=Beaverton/O=DBT And Associates/OU=ldap/CN=ldap.cdkkt.com/emailAddress=admin@xxxxxxxxx
verify return:1
depth=0 /C=US/ST=Oregon/L=Beaverton/O=DBT And Associates/OU=ldap/CN=ldap.cdkkt.com/emailAddress=admin@xxxxxxxxx
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Oregon/L=Beaverton/O=DBT And Associates/OU=ldap/CN=ldap.cdkkt.com/emailAddress=admin@xxxxxxxxx
   i:/C=US/ST=Oregon/L=Beaverton/O=DBT And Associates/OU=ldap/CN=ldap.cdkkt.com/emailAddress=admin@xxxxxxxxx
---
Server certificate
subject=/C=US/ST=Oregon/L=Beaverton/O=DBT And Associates/OU=ldap/CN=ldap.cdkkt.com/emailAddress=admin@xxxxxxxxx
issuer=/C=US/ST=Oregon/L=Beaverton/O=DBT And Associates/OU=ldap/CN=ldap.cdkkt.com/emailAddress=admin@xxxxxxxxx
---
No client certificate CA names sent
---
SSL handshake has read 1145 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol : TLSv1
    Cipher : AES256-SHA
    Session-ID: EEEC2E025097267E2E39E129A1130FDA7921D57F86C4D8CC94CE4D7CBF712865
    Session-ID-ctx:
    Master-Key: 28ACBE74CC2972246E9E1039D182643652DC2CC1F91333F68B700F22318C93CCB881A287BEF91AC498B2068C7DFAB39F
    Key-Arg : None
    Krb5 Principal: None
    Start Time: 1131983082
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---

***** HANGS HERE!!!!!

So, from the test it looks like there is a problem.

Anyone care to comment???

Thanks!
Dan
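
Added example, not part of the original message: a shell function that reads an `openssl s_client` transcript like the one above and extracts the fields that matter when checking an LDAPS listener (handshake state, verify code, key size, self-signed leaf). The names `summarize_s_client` and `sample_transcript` are hypothetical, the sample is a trimmed copy of the transcript constructed for this example, and the handshake rule is a heuristic assumption.

```shell
#!/bin/sh
# Added example: summarise an `openssl s_client` transcript read from stdin.
# Function names are hypothetical; the handshake rule is a heuristic assumption.
summarize_s_client() {
    awk '
        /^CONNECTED\(/           { connected = 1 }
        /^subject=/              { subject = substr($0, 9) }
        /^issuer=/               { issuer  = substr($0, 8) }
        /^Server public key is / { bits = $5 }
        /^ *Protocol *:/         { protocol = $NF }
        /^ *Cipher *:/           { cipher = $NF }
        /Verify return code:/    { sub(/^.*Verify return code: */, ""); verify = $1 }
        END {
            # s_client prints "Cipher : 0000" when no cipher was negotiated,
            # so a real cipher name after CONNECTED means TLS came up.
            ok = (connected && cipher != "" && cipher != "0000")
            print "handshake="   (ok ? "complete" : "incomplete")
            print "protocol="    protocol
            print "cipher="      cipher
            print "verify_code=" verify
            print "key_bits="    bits
            # Same subject and issuer on the leaf: self-signed certificate.
            print "self_signed=" ((subject != "" && subject == issuer) ? "yes" : "no")
            print "weak_key="    ((bits != "" && bits + 0 < 2048) ? "yes" : "no")
        }'
}

# Constructed sample: a trimmed copy of the transcript in the message above.
sample_transcript() {
    cat <<'EOF'
CONNECTED(00000003)
subject=/C=US/ST=Oregon/L=Beaverton/O=DBT And Associates/OU=ldap/CN=ldap.cdkkt.com/emailAddress=admin@xxxxxxxxx
issuer=/C=US/ST=Oregon/L=Beaverton/O=DBT And Associates/OU=ldap/CN=ldap.cdkkt.com/emailAddress=admin@xxxxxxxxx
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol : TLSv1
    Cipher : AES256-SHA
    Verify return code: 0 (ok)
---
EOF
}

sample_transcript | summarize_s_client
```

To capture a transcript non-interactively, run `openssl s_client` with stdin redirected from `/dev/null` so it exits after printing the session block instead of waiting for input.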