RHEL 6 openldap strange TLS behaviour
OK, so here is the basic setup
RHEL 6.2 x64 + openldap-servers installed
TLSCertificateFile /etc/openldap/cacerts/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/cacerts/slapdkey.pem
openssl req -new -x509 -nodes -out /etc/openldap/cacerts/slapdcert.pem -keyout /etc/openldap/cacerts/slapdkey.pem -days 365
ldap.conf
URI ldap://192.168.40.220/
BASE dc=domain1,dc=local
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow
on ldap server
created and tested the connection with user1
!!!!!!!now on remote machine [192.168.40.11]!!!!!
- enabled ldap auth
ldap.conf
URI ldap://192.168.40.220/
BASE dc=domain1,dc=local
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow
!!! on ldap server debug option has been enabled !!!
- when user1 tries to connect on remote machine [192.168.40.11] it fails
Here is the log of slapd !!
conn=1002 op=0 do_extended
ber_scanf fmt ({m) ber:
send_ldap_extended: err=0 oid= len=0
send_ldap_response: msgid=1 tag=120 err=0
ber_flush2: 14 bytes to sd 14
connection_get(14): got connid=1002
connection_read(14): checking for input on id=1002
TLS: certificate [CN=*.domain1.local,O=IBM,L=myCity\\,ST=Wienn,C=AT] is valid
connection_get(14): got connid=1002
connection_read(14): checking for input on id=1002
TLS: error: accept - force handshake failure: errno 11 - moznss error -12195
TLS: can't accept: TLS error -12195:Unknown code ___P 93.
connection_read(14): TLS accept failure error=-1 id=1002, closing
connection_close: conn=1002 sd=14
just to mention: on ldap server user1 is able to authenticate...
So... is it an ldap/openssl bug... or did I do something wrong??????
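Added example for triaging this kind of slapd output; it is not code from the original post. It groups the TLS debug lines by connection id, pulls out the certificate subject slapd reported as valid, and decodes the raw MozNSS code: NSS SSL errors are SSL_ERROR_BASE (-12288, from NSS's sslerr.h) plus an offset, and -12288 + 93 = -12195 is exactly the "___P 93" the log prints when libldap has no message for the code. The function names and the sample log are my own; the sample is constructed from the lines quoted above, and the code-to-name table covers only the one entry this log needs.

```python
import re
from collections import defaultdict

# NSS SSL error codes are SSL_ERROR_BASE plus a small offset. slapd prints the
# raw code (-12195) and, lacking a message for it, the offset ("___P 93").
SSL_ERROR_BASE = -12288
# Subset of NSS sslerr.h; only the entry this post's log needs (assumed table).
NSS_ERROR_NAMES = {-12195: "SSL_ERROR_BAD_CERT_ALERT"}  # peer sent bad_certificate alert

CONN_RE = re.compile(r"(?:conn=|connid=|\bid=)(\d+)")
CERT_RE = re.compile(r"TLS: certificate \[(.+)\] is valid")
NSS_ERR_RE = re.compile(r"moznss error (-\d+)")

def nss_error_name(code):
    """Return (offset from SSL_ERROR_BASE, symbolic name or None)."""
    return code - SSL_ERROR_BASE, NSS_ERROR_NAMES.get(code)

def parse_slapd_tls(log_text):
    """Group TLS events by slapd connection id.  Lines without an id (the
    'TLS: certificate ... is valid' line) are attributed to the most recently
    seen conn=/connid=/id= value, which is how slapd's debug output interleaves."""
    conns = defaultdict(lambda: {"cert": None, "nss_errors": [], "accept_failed": False})
    current = None
    for line in log_text.splitlines():
        if m := CONN_RE.search(line):
            current = m.group(1)
        if current is None:
            continue
        if m := CERT_RE.search(line):
            conns[current]["cert"] = m.group(1)
        if m := NSS_ERR_RE.search(line):
            conns[current]["nss_errors"].append(int(m.group(1)))
        if "TLS accept failure" in line:
            conns[current]["accept_failed"] = True
    return dict(conns)

# Constructed sample, modelled on the slapd debug output quoted in the post.
SAMPLE_LOG = r"""conn=1002 op=0 do_extended
send_ldap_response: msgid=1 tag=120 err=0
connection_read(14): checking for input on id=1002
TLS: certificate [CN=*.domain1.local,O=IBM,L=myCity\\,ST=Wienn,C=AT] is valid
TLS: error: accept - force handshake failure: errno 11 - moznss error -12195
TLS: can't accept: TLS error -12195:Unknown code ___P 93.
connection_read(14): TLS accept failure error=-1 id=1002, closing
connection_close: conn=1002 sd=14
"""

if __name__ == "__main__":
    for cid, info in parse_slapd_tls(SAMPLE_LOG).items():
        for code in info["nss_errors"]:
            offset, name = nss_error_name(code)
            print(f"conn={cid} cert={info['cert']} nss={code} (base+{offset}) {name}")
```

Run it against a real slapd debug log (e.g. `slapd -d -1` output) to see, per connection, which certificate was loaded and which NSS alert ended the handshake.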