Old 10-27-2013, 10:32 PM   #1
CharlesMM
centos 6.4 openldap tls handshake negotiation


OK, I cannot for the life of me work out how to get my TLS working on CentOS 6.4.

From what I can see, OpenLDAP is not sending extended props in the TLS hello negotiation, and so after the compression ... nothing.

Can anybody help?


[root@alty user]# ldapsearch -H ldaps://alty.abc.com:636 -D "cn=manager, dc=abc, dc=com" -wsecret -d7
ldap_url_parse_ext(ldaps://alty.abc.com:636)
ldap_create
ldap_url_parse_ext(ldaps://alty.abc.com:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP alty.abc.com:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.0.3:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: certdb config: configDir='/etc/openldap/certs' tokenDescription='ldap(0)' certPrefix='' keyPrefix='' flags=readOnly
TLS: using moznss security dir /etc/openldap/certs prefix .
TLS: loaded CA certificate file /etc/openldap/certs/abc.com.crt.
TLS: certificate 'alty.abc.com' successfully loaded from moznss database.
TLS: no unlocked certificate for certificate 'CN=alty.abc.com,DC=abc,DC=com'.
TLS: certificate [CN=alty.abc.com,DC=abc,DC=com] is valid
tls_write: want=102, written=102
0000: 16 03 01 00 61 01 00 00 5d 03 01 52 6d 6f df eb ....a...]..Rmo..
0010: e0 92 c2 2d 32 25 50 d8 93 94 0a 23 8b ca d0 ea ...-2%P....#....
0020: 57 1b 2c de 38 48 6c 19 bb 58 de 00 00 36 00 ff W.,.8Hl..X...6..
0030: 00 88 00 87 00 39 00 38 00 84 00 35 00 45 00 44 .....9.8...5.E.D
0040: 00 66 00 33 00 32 00 96 00 41 00 05 00 04 00 2f .f.3.2...A...../
0050: 00 16 00 13 00 0a 00 15 00 12 00 09 00 64 00 62 .............d.b
0060: 00 03 00 06 01 00 ......
tls_read: want=5, got=0

TLS: error: tlsm_PR_Recv returned 0 - error 21:Is a directory
TLS: error: connect - force handshake failure: errno 21 - moznss error -5938
TLS: can't connect: TLS error -5938:Encountered end of file.
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
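
Decoding the 102-byte `tls_write` dump above, as an added example that is not part of the original thread: it parses the record as a TLS ClientHello and reports the version, cipher suites, compression methods and whether any extension bytes follow. The function names `dump_to_bytes` and `parse_client_hello` are this example's own.

```python
import struct

# Bytes copied from the tls_write dump in the post above.
DUMP = """\
0000: 16 03 01 00 61 01 00 00 5d 03 01 52 6d 6f df eb ....a...]..Rmo..
0010: e0 92 c2 2d 32 25 50 d8 93 94 0a 23 8b ca d0 ea ...-2%P....#....
0020: 57 1b 2c de 38 48 6c 19 bb 58 de 00 00 36 00 ff W.,.8Hl..X...6..
0030: 00 88 00 87 00 39 00 38 00 84 00 35 00 45 00 44 .....9.8...5.E.D
0040: 00 66 00 33 00 32 00 96 00 41 00 05 00 04 00 2f .f.3.2...A...../
0050: 00 16 00 13 00 0a 00 15 00 12 00 09 00 64 00 62 .............d.b
0060: 00 03 00 06 01 00 ......
"""

def dump_to_bytes(dump):
    """Convert 'offset: hh hh ... ascii' debug lines to raw bytes."""
    out = bytearray()
    for line in dump.strip().splitlines():
        for tok in line.split(":", 1)[1].split()[:16]:
            if len(tok) != 2:          # reached the ASCII column on a short line
                break
            out.append(int(tok, 16))
    return bytes(out)

def parse_client_hello(rec):
    """Parse one TLS record holding a ClientHello; ValueError if malformed."""
    ctype, rec_ver, rec_len = struct.unpack("!BHH", rec[:5])
    if ctype != 0x16 or rec_len != len(rec) - 5:
        raise ValueError("not a complete handshake record")
    hs_len = int.from_bytes(rec[6:9], "big")
    if rec[5] != 1 or hs_len != rec_len - 4:
        raise ValueError("not a single complete ClientHello")
    body = rec[9:]
    hello_ver = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                       # skip client_version and 32-byte random
    sid_len = body[pos]
    pos += 1 + sid_len
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [int.from_bytes(body[i:i + 2], "big") for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    comp_len = body[pos]
    compression = list(body[pos + 1:pos + 1 + comp_len])
    pos += 1 + comp_len
    return {"record_version": rec_ver, "hello_version": hello_ver,
            "session_id_len": sid_len, "cipher_suites": suites,
            "compression": compression, "extension_bytes": len(body) - pos}

if __name__ == "__main__":
    print(parse_client_hello(dump_to_bytes(DUMP)))
```

The record parses as a complete TLS 1.0 ClientHello that ends right after the compression methods; the following `tls_read: want=5, got=0` line shows the client then read end-of-file instead of a ServerHello.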
 
Old 10-28-2013, 10:39 PM   #2
CharlesMM
Original Poster
[SOLVED] centos 6.4 openldap tls handshake negotiation

chown ldap:ldap /etc/openldap/certs

 
1 members found this post helpful.