From: Alexey Borovskoy <alexey_borovskoy@pochtamt.ru>
To: community@altlinux.ru
Subject: [Comm] OpenLDAP и SSL
Date: Sat, 19 Apr 2003 14:53:48 +1300
Message-ID: <200304191453.48391.alexey_borovskoy@pochtamt.ru>
Good afternoon.
I can't get openldap to work together with openssl.
Without ssl, ldap works fine.
Given:
openldap-servers-2.0.27-alt5
openldap-2.0.27-alt5
openssl-0.9.6i-alt3
1. I generate the certificate with
openssl req -new -x509 -nodes -out ldap.pem -keyout ldap.pem
I set cn to server.intranet. DNS is fine.
2. I put the resulting certificate in /etc/openldap/
3. In /etc/openldap/slapd.conf I uncomment the lines
TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /etc/openldap/ldap.pem
TLSCertificateKeyFile /etc/openldap/ldap.pem
TLSCACertificateFile /etc/openldap/ldap.pem
4. I run service ldap start
5. I run netstat -tl
tcp 0 0 server.intranet:ldaps *:* LISTEN
6. I connect with GQ, enter the rootdn password and get the error
Can't contact LDAP server
7. I run
ldapsearch -ZZ -D "cn=ldapadmin,dc=intranet" -w secret -h server.intranet -p 636 -n -v -d 9
and get
ldap_init( server.intranet, 636 )
ldap_create
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: server.intranet
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 10.1.1.7:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
ldap_ndelay_on: 3
ldap_is_sock_ready: 3
ldap_ndelay_off: 3
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 31 bytes to sd 3
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: server.intranet port: 636 (default)
refcnt: 2 status: Connected
last used: Sat Apr 19 14:05:27 2003
** Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
** Response Queue:
Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
do_ldap_select
read1msg: msgid 1, all 1
ber_get_next
ber_get_next failed.
ldap_perror
ldap_start_tls: Can't contact LDAP server
In the server logs:
Apr 19 14:18:18 server slapd[21284]: slapd startup: initiated.
Apr 19 14:18:18 server slapd[21284]: slapd starting
Apr 19 14:18:18 server slapd[21294]: daemon: added 6r
Apr 19 14:18:18 server slapd[21294]: daemon: select: listen=6 active_threads=0 tvp=NULL
Apr 19 14:18:41 server slapd[21294]: daemon: activity on 1 descriptors
Apr 19 14:18:41 server slapd[21294]: daemon: new connection on 9
Apr 19 14:18:41 server slapd[21294]: daemon: conn=0 fd=9 connection from IP=10.1.1.10:32987 (IP=10.1.1.7:636) accepted.
Apr 19 14:18:41 server slapd[21294]: daemon: added 9r
Apr 19 14:18:41 server slapd[21294]: daemon: activity on:
Apr 19 14:18:41 server slapd[21294]:
Apr 19 14:18:41 server slapd[21294]: daemon: select: listen=6 active_threads=0 tvp=NULL
Apr 19 14:18:41 server slapd[21294]: daemon: activity on 1 descriptors
Apr 19 14:18:41 server slapd[21294]: daemon: activity on:
Apr 19 14:18:41 server slapd[21294]: 9r
Apr 19 14:18:41 server slapd[21294]:
Apr 19 14:18:41 server slapd[21294]: daemon: read activity on 9
Apr 19 14:18:41 server slapd[21294]: connection_get(9)
Apr 19 14:18:41 server slapd[21294]: connection_get(9): got connid=0
Apr 19 14:18:41 server slapd[21294]: connection_read(9): checking for input on id=0
Apr 19 14:18:41 server slapd[21294]: connection_read(9): TLS accept error error=-1 id=0, closing
Apr 19 14:18:41 server slapd[21294]: connection_closing: readying conn=0 sd=9 for close
Apr 19 14:18:41 server slapd[21294]: connection_close: conn=0 sd=9
Apr 19 14:18:41 server slapd[21294]: daemon: removing 9
Apr 19 14:18:41 server slapd[21294]: conn=-1 fd=9 closed
Apr 19 14:18:41 server slapd[21294]: daemon: select: listen=6 active_threads=0 tvp=NULL
Apr 19 14:18:41 server slapd[21294]: daemon: activity on 1 descriptors
Apr 19 14:18:41 server slapd[21294]: daemon: select: listen=6 active_threads=0 tvp=NULL
What am I doing wrong?
----
Alexey.
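An added example, not part of the original post and not OpenLDAP code: the ldapsearch call in the post asks for StartTLS (-ZZ) but points at port 636, where slapd's ldaps listener expects a TLS handshake as the very first bytes. With -ZZ the client instead sends a cleartext LDAP StartTLS extended request, which is why the client trace shows a 31-byte ber_flush followed by "Can't contact LDAP server" and the server logs "TLS accept error" and closes the connection. The script below encodes that StartTLS request (it comes out at exactly 31 bytes), classifies what a listener sees first on a freshly accepted socket, and reports the mismatch. The port-to-protocol mapping and the ClientHello prefix are constructed for illustration; the script only covers the client/port mismatch visible in the trace, not the certificate configuration in slapd.conf.

```python
# Added example (not from the original post or from OpenLDAP): encode the LDAPv3
# StartTLS extended request and show what a listener sees first on the wire, to
# explain why `ldapsearch -ZZ` against an ldaps listener (port 636) produces
# "TLS accept error" on the server and "Can't contact LDAP server" on the client.

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"   # StartTLS extended operation OID (RFC 2830 / RFC 4511)
LDAPS_PORT = 636                          # assumption: ldaps listener, TLS from the first byte
LDAP_PORT = 389                           # assumption: plain LDAP listener, StartTLS allowed

# Constructed sample: the first bytes of a TLS ClientHello record
# (content type 22 = handshake, record version 3.x). Only the prefix matters here.
SAMPLE_CLIENT_HELLO_PREFIX = b"\x16\x03\x01\x00\x2a\x01"


def ber_len(n: int) -> bytes:
    """Short-form BER length byte; every message built here is under 128 bytes."""
    if n >= 128:
        raise ValueError("long-form BER length not needed for this example")
    return bytes([n])


def starttls_request(msgid: int = 1) -> bytes:
    """Encode LDAPMessage { messageID, extendedReq [APPLICATION 23] { requestName [0] OID } }.

    This is the cleartext message an LDAP client sends first when asked for
    StartTLS (-ZZ): a plain BER SEQUENCE, not a TLS record.
    """
    request_name = b"\x80" + ber_len(len(STARTTLS_OID)) + STARTTLS_OID.encode("ascii")
    # [APPLICATION 23], constructed: 0x60 | 23 = 0x77
    extended_req = b"\x77" + ber_len(len(request_name)) + request_name
    message_id = b"\x02\x01" + bytes([msgid])            # INTEGER msgid (single byte here)
    body = message_id + extended_req
    return b"\x30" + ber_len(len(body)) + body           # outer SEQUENCE


def classify_first_bytes(data: bytes) -> str:
    """Classify what a freshly accepted socket delivered as its first bytes."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"      # TLS record: what an ldaps listener expects
    if data and data[0] == 0x30:
        return "ldap-ber"           # BER SEQUENCE: a cleartext LDAPMessage
    return "unknown"


def expected_first_bytes(port: int) -> str:
    """An ldaps listener wraps the socket in TLS immediately; plain LDAP expects BER."""
    return "tls-handshake" if port == LDAPS_PORT else "ldap-ber"


def diagnose(port: int, use_starttls: bool) -> str:
    """Compare what the client sends first with what the listener on `port` expects."""
    first = starttls_request() if use_starttls else SAMPLE_CLIENT_HELLO_PREFIX
    sent, wanted = classify_first_bytes(first), expected_first_bytes(port)
    if sent == wanted:
        return "ok"
    if sent == "ldap-ber" and wanted == "tls-handshake":
        return ("mismatch: StartTLS sends a cleartext LDAP message to a TLS-only port; "
                "the server's TLS accept fails and it closes the connection. "
                "Use -ZZ on port 389, or an ldaps:// URI on port 636 without -ZZ")
    return "mismatch: TLS handshake sent to a cleartext LDAP port"


if __name__ == "__main__":
    req = starttls_request()
    print(f"StartTLS request: {len(req)} bytes: {req.hex()}")
    print("-ZZ on 636  :", diagnose(LDAPS_PORT, True))
    print("-ZZ on 389  :", diagnose(LDAP_PORT, True))
    print("ldaps on 636:", diagnose(LDAPS_PORT, False))
```

The 31-byte figure matches the "ber_flush: 31 bytes to sd 3" line in the client trace, so the first thing slapd read on fd 9 was a BER SEQUENCE (0x30), not a TLS record (0x16 0x03), and its TLS accept could only fail. The two configurations that do line up are StartTLS on the plain port or an ldaps:// connection on 636; which one to prefer is a policy choice, but either way the client and listener must agree on where TLS starts.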