ldapsearch from server does not work but works from client
- From: SYeen Su <seauyeen@xxxxxxxxxxxxxx>
- Date: Thu, 30 Dec 2010 01:46:34 -0800 (PST)
Hi all,
I have managed to install OpenLdap 2.4 on a RHEL 5.2 workstation. The
basic openldap without TLS/SSL works fine. On the server itself and
from the client I was able to do ldapsearch. However, after I created
a server.pem by going through this: [url=http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS]Quick HOWTO : Ch31 : Centralized Logins Using LDAP and RADIUS - Linux Home Networking[/url]
ldapsearch on the ldap server itself does not work anymore. The
summary of the configuration is as below:
server.pem is created in /usr/local/etc/openldap/cacerts and
client.pem is in /etc/openldap/cacerts. client.pem is also moved to
clients and ldapsearch works fine from client workstation. However, in
the ldap server itself it does not. The output of /etc/ldap.conf looks
like below:
uri ldaps://syna-ldap-02.synamatix.com/
tls_cacertdir /etc/openldap/cacerts
pam_password md5
My /usr/local/etc/openldap/slapd.conf TLS portion looks like below:
TLSCipherSuite HIGH:MEDIUM:+SSLv2:+SSLv3:RSA
TLSCACertificateFile /usr/local/etc/openldap/cacerts/server.pem
TLSCertificateFile /usr/local/etc/openldap/cacerts/server.pem
TLSCertificateKeyFile /usr/local/etc/openldap/cacerts/server.pem
TLSVerifyClient allow
The error from ldapsearch -x -H ldaps://syna-ldap-02.synamatix.com -d127 in the server itself is as below:
TLS certificate verification: depth: 0, err: 18, subject: /C=MY/ST=KL/L=MV/O=MGRC/OU=IT/CN=syna-ldap-02.synamatix.com/emailAddress=seauyeen@xxxxxxxxxxx, issuer: /C=MY/ST=KL/L=MV/O=MGRC/OU=IT/CN=syna-ldap-02.synamatix.com/emailAddress=seauyeen@xxxxxxxxxxx
TLS certificate verification: Error, self signed certificate
tls_write: want=7, write=7
0000: 15 03 01 00 02 02 30
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL connect:error in SSLv3 read server certificate B
TLS trace: SSL_connect:error in SSLv3 read server certificate B
TLS: can't connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate).
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
On the server end, as I started with debug mode, I get errors below:
TLS trace: SSL3 alert read: fatal: unknown CA
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept: error: 14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca.
connection_read(13): TLS accept failure error=-1 id=1010,closing
......
Why is that ldapsearch from client workstation works fine but not in
the ldap server itself? It is so baffling. It is fine without TLS
activated. I have been working on this for 1 week! The information
online does not seem to cater to this weird incident of mine.
Hope to receive some assistance really soon. Thanks and Happy new year
guys!!!!
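An added check, not part of the original post and not OpenLDAP's or OpenSSL's own code, that reproduces the depth-0 "err: 18 ... self signed certificate" result quoted above and shows how a directory named by tls_cacertdir has to be laid out: OpenSSL finds trust anchors in a -CApath directory only through their subject-hash links (the ones c_rehash creates), not by file name. The CN, the temporary directory and the file names are constructed for the demo; it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Demonstrates why a self-signed server.pem copied into a cacerts directory
# is still "unknown" to a client that uses that directory as its CA path.
set -eu

WORK=$(mktemp -d)
CACERTS="$WORK/cacerts"   # stand-in for /etc/openldap/cacerts (constructed path)
mkdir -p "$CACERTS"

# Constructed self-signed certificate, playing the role of server.pem.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
  -subj "/CN=ldap.example.test" \
  -keyout "$WORK/server.key" -out "$WORK/server.pem" >/dev/null 2>&1

# verify_against_dir CERT DIR: "ok" if CERT chains to a trust anchor found in
# DIR (looked up the way a tls_cacertdir is), otherwise "fail".
verify_against_dir() {
  if openssl verify -CApath "$2" "$1" >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

# Step 1: the certificate is present in the directory by file name only.
# OpenSSL looks for <subject_hash>.0, finds nothing, and reports error 18
# (self signed certificate) at depth 0, matching the ldapsearch trace.
cp "$WORK/server.pem" "$CACERTS/server.pem"
before=$(verify_against_dir "$WORK/server.pem" "$CACERTS")

# Step 2: add the hash link that c_rehash would create; now the same
# self-signed certificate is a trust anchor and verification succeeds.
hash=$(openssl x509 -noout -subject_hash -in "$CACERTS/server.pem")
ln -sf server.pem "$CACERTS/$hash.0"
after=$(verify_against_dir "$WORK/server.pem" "$CACERTS")

echo "before rehash: $before"   # fail
echo "after rehash:  $after"    # ok
```

The same lookup rule applies to any directory named by TLS_CACERTDIR in ldap.conf; a quick check on a host is `openssl x509 -noout -subject_hash -in server.pem` and then confirming a `<hash>.0` entry exists in that directory.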