From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <013801c4e878$18f140c0$0200000a@artist>
From: "Artem Bokhan"
Date: Thu, 23 Dec 2004 04:46:37 +0600
Subject: [Comm] Updating OpenLDAP 2.0.x -> 2.1.x (master 2.2 -> 2.4)
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-AV-Checked: ClamAV
List-Id: Mailing list for ALT Linux users
Reply-To: community@altlinux.ru
X-BeenThere: community@altlinux.ru
X-List-Received-Date: Wed, 22 Dec 2004 22:46:42 -0000

Hello.

After updating the system from master 2.2 to 2.4, problems with OpenLDAP appeared when using TLS. Previously everything worked fine. Authentication through pam_ldap and utilities such as ldapsearch do not work, specifically when TLS is enabled.
_______________________________________________
# ldapsearch -ZZ
ldap_start_tls: Operations error (1)
        additional info: TLS already started
_______________________________________________

/usr/sbin/slapd -d 7 -u ldap -r /var/lib/ldap -h "ldap:/// ldaps:///"

FILTER:: str2filter: "(objectclass=*)"
FILTER:: get_filter: conn 0
BER:: ber_scanf fmt (m) ber:
CONNECTION:: connection_get: socket 10
TRANSPORT:: tls_info_cb: TLS trace: SSL_accept:error in SSLv3 read client certificate A
TRANSPORT:: tls_info_cb: TLS trace: SSL_accept:error in SSLv3 read client certificate A
CONNECTION:: connection_get: socket 10
CONNECTION:: connection_read: conn 0 unable to get TLS client DN, error 49
CONNECTION:: connection_get: socket 10
BER:: ber_get_next: enter
OPERATION:: do_extended: conn 0
BER:: BER:: ber_get_next: enter
CONNECTION:: connection_input: conn 0 ber_get_next failed, errno 11 (Resource temporarily unavailable).
ber_scanf fmt ({m) ber:
OPERATION:: send_ldap_extended: err=1 oid= len=0
OPERATION:: send_ldap_response: msgid=1 tag=120 err=1
CONNECTION:: connection_get: socket 10
BER:: ber_get_next: enter
CONNECTION:: connection_input: conn 0 ber_get_next failed, errno 0 (Success).
CONNECTION:: connection_read: conn 0 input error -2, closing.
Server configuration:

allow bind_v2
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
modulepath /usr/lib/openldap
moduleload back_ldbm.la
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/openldap/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/openldap/ssl/ldap.pem
TLSVerifyClient never
threads 100
idletimeout 3600
password-hash {CRYPT}
password-crypt-salt-format "$1$%.8s"
access to attr=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read
database ldbm
suffix "dc=my,dc=server"
rootdn "cn=admin,dc=my,dc=server"
rootpw password
directory /var/lib/ldap/bases/my.server
loglevel 8
index objectClass,uid,uidNumber,gidNumber eq
index cn,mail,surname,givenname eq,subinitial

Client configuration:

BASE dc=my,dc=server
URI ldaps://localhost
rootbinddn cn=admin,dc=my,dc=server
pam_password md5
tls on
TLS_REQCERT never

The certificate was created as follows:

# pwd
/var/lib/ssl/certs
# make ldap.pem
[omitted]
Country Name (2 letter code) [AU]:RU
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:my.server
Email Address []:.
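Added example, not part of the original message and not OpenLDAP's own code: a small Python checker that parses slapd.conf / ldap.conf in the form quoted above and flags the combinations a reviewer would want to catch. The client file sets URI ldaps://localhost, which already negotiates TLS when the connection is opened, so requesting StartTLS on top of it (ldapsearch -ZZ, or pam_ldap's ssl start_tls) is refused with exactly "Operations error ... TLS already started"; and TLS_REQCERT never switches off verification of the server certificate entirely. The sample configurations below are constructed to mirror the message, and the names parse_ldap_conf, audit_client, audit_server, report and Finding are this example's own.

```python
"""Audit OpenLDAP slapd.conf / ldap.conf for the TLS issues seen in the report.
Added example; helper names are this example's own, not OpenLDAP's API."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "error", "warning" or "info"
    key: str       # directive the finding refers to
    message: str


def parse_ldap_conf(text):
    """Parse the 'DIRECTIVE value' format shared by slapd.conf and ldap.conf.
    Directive names are case-insensitive, a line beginning with whitespace
    continues the previous directive (slapd.conf convention), and repeated
    directives (include, access, index, ...) accumulate in order."""
    conf, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[:1].isspace() and last is not None:
            conf[last][-1] += " " + raw.strip()
            continue
        parts = raw.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, []).append(value)
        last = key
    return conf


def audit_client(conf, starttls_requested=False):
    """Client side (ldap.conf / pam_ldap). starttls_requested models
    'ldapsearch -Z/-ZZ'; pam_ldap's 'ssl start_tls' is read from the file."""
    findings = []
    uris = " ".join(conf.get("uri", [])).split()
    uses_ldaps = any(u.lower().startswith("ldaps://") for u in uris)
    wants_starttls = starttls_requested or "start_tls" in conf.get("ssl", [])
    if uses_ldaps and wants_starttls:
        findings.append(Finding("error", "URI",
            "ldaps:// negotiates TLS on connect; StartTLS on top of it fails with "
            "'Operations error: TLS already started'. Use ldap:// with -ZZ or "
            "ssl start_tls, or ldaps:// without StartTLS, never both."))
    if "never" in [v.lower() for v in conf.get("tls_reqcert", [])]:
        findings.append(Finding("warning", "TLS_REQCERT",
            "server certificate is never verified, so any host answering on the "
            "port is accepted; point TLS_CACERT at the CA (or self-signed) "
            "certificate and use TLS_REQCERT demand"))
    return findings


def audit_server(conf):
    """Server side (slapd.conf)."""
    findings = []
    for suite in conf.get("tlsciphersuite", []):
        if re.search(r"(^|[:,])\+?sslv2\b", suite, re.IGNORECASE):
            findings.append(Finding("warning", "TLSCipherSuite",
                f"SSLv2 enabled in '{suite}'; exclude it (e.g. HIGH:MEDIUM:!SSLv2)"))
    if any(not v.startswith("{") for v in conf.get("rootpw", [])):
        findings.append(Finding("warning", "rootpw",
            "rootdn password stored in cleartext; store a hash from slappasswd"))
    if conf.get("tlsverifyclient", [""])[0].lower() == "never":
        findings.append(Finding("info", "TLSVerifyClient",
            "client certificates are not requested; 'unable to get TLS client DN' "
            "in the debug log is then consistent with no client certificate"))
    cert, ca = conf.get("tlscertificatefile"), conf.get("tlscacertificatefile")
    if cert and cert == ca:
        findings.append(Finding("info", "TLSCACertificateFile",
            "server certificate is its own CA (self-signed); clients can only "
            "verify it if TLS_CACERT points at this same certificate"))
    return findings


# Constructed samples modelled on the configuration quoted in the message.
SERVER_CONF = """\
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/openldap/ssl/ldap.pem
TLSCertificateKeyFile /etc/openldap/ssl/ldap.pem
TLSCACertificateFile /etc/openldap/ssl/ldap.pem
TLSVerifyClient never
access to attr=userPassword
        by self write
        by * none
suffix "dc=my,dc=server"
rootdn "cn=admin,dc=my,dc=server"
rootpw password
"""

CLIENT_CONF = """\
BASE dc=my,dc=server
URI ldaps://localhost
TLS_REQCERT never
"""


def report(server_text, client_text, starttls_requested=False):
    """Run both audits and return all findings, server findings first."""
    return (audit_server(parse_ldap_conf(server_text))
            + audit_client(parse_ldap_conf(client_text), starttls_requested))


if __name__ == "__main__":
    # Reproduces the situation in the message: ldaps:// URI plus ldapsearch -ZZ.
    for f in report(SERVER_CONF, CLIENT_CONF, starttls_requested=True):
        print(f"[{f.severity}] {f.key}: {f.message}")
```

Run against the two constructed files with starttls_requested=True, the checker reports the ldaps/StartTLS conflict as the one hard error and the disabled certificate verification, the +SSLv2 cipher string and the cleartext rootpw as warnings; the self-signed CA and TLSVerifyClient never are informational, since a self-signed certificate is fine as long as clients are told to trust that exact file instead of skipping verification.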