From: Alexey Borovskoy <alexey_borovskoy@pochtamt.ru> To: community@altlinux.ru Subject: [Comm] OpenLDAP и SSL Date: Sat, 19 Apr 2003 14:53:48 +1300 Message-ID: <200304191453.48391.alexey_borovskoy@pochtamt.ru> (raw) Добрый день. Не получается подружить openldap с openssl. Без ssl ldap работает нормально. Дано: openldap-servers-2.0.27-alt5 openldap-2.0.27-alt5 openssl-0.9.6i-alt3 1. Генерю сертификат с помощью openssl req -new -x509 -nodes -out ldap.pem -keyout ldap.pem cn прописываю как server.intranet. В DNS все нормально. 2. Получившийся сертификат кладу в /etc/openldap/ 3. В /etc/openldap/slapd.conf раскоментирую строчки TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCertificateFile /etc/openldap/ldap.pem TLSCertificateKeyFile /etc/openldap/ldap.pem TLSCACertificateFile /etc/openldap/ldap.pem 4. Делаю service ldap start 5. Делаю netstat -tl tcp 0 0 server.intranet:ldaps *:* LISTEN 6. Коннекчусь GQ, прописываю пароль rootdn и получаю ошибку Can't contact LDAP server 7. Беру ldapsearch -ZZ -D "cn=ldapadmin,dc=intranet" -w secret -h server.intranet -p 636 -n -v -d 9 получаю ldap_init( server.intranet, 636 ) ldap_create ldap_extended_operation_s ldap_extended_operation ldap_send_initial_request ldap_new_connection ldap_int_open_connection ldap_connect_to_host: server.intranet ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 10.1.1.7:636 ldap_connect_timeout: fd: 3 tm: -1 async: 0 ldap_ndelay_on: 3 ldap_is_sock_ready: 3 ldap_ndelay_off: 3 ldap_open_defconn: successful ldap_send_server_request ber_flush: 31 bytes to sd 3 ldap_result msgid 1 ldap_chkResponseList for msgid=1, all=1 ldap_chkResponseList returns NULL wait4msg (infinite timeout), msgid 1 wait4msg continue, msgid 1, all 1 ** Connections: * host: server.intranet port: 636 (default) refcnt: 2 status: Connected last used: Sat Apr 19 14:05:27 2003 ** Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ** Response Queue: Empty ldap_chkResponseList for msgid=1, all=1 ldap_chkResponseList returns NULL do_ldap_select read1msg: msgid 1, all 1 ber_get_next ber_get_next failed. ldap_perror ldap_start_tls: Can't contact LDAP server В логах сервера: Apr 19 14:18:18 server slapd[21284]: slapd startup: initiated. Apr 19 14:18:18 server slapd[21284]: slapd starting Apr 19 14:18:18 server slapd[21294]: daemon: added 6r Apr 19 14:18:18 server slapd[21294]: daemon: select: listen=6 active_threads=0 tvp=NULL Apr 19 14:18:41 server slapd[21294]: daemon: activity on 1 descriptors Apr 19 14:18:41 server slapd[21294]: daemon: new connection on 9 Apr 19 14:18:41 server slapd[21294]: daemon: conn=0 fd=9 connection from IP=10.1.1.10:32987 (IP=10.1.1.7:636) accepted. Apr 19 14:18:41 server slapd[21294]: daemon: added 9r Apr 19 14:18:41 server slapd[21294]: daemon: activity on: Apr 19 14:18:41 server slapd[21294]: Apr 19 14:18:41 server slapd[21294]: daemon: select: listen=6 active_threads=0 tvp=NULL Apr 19 14:18:41 server slapd[21294]: daemon: activity on 1 descriptors Apr 19 14:18:41 server slapd[21294]: daemon: activity on: Apr 19 14:18:41 server slapd[21294]: 9r Apr 19 14:18:41 server slapd[21294]: Apr 19 14:18:41 server slapd[21294]: daemon: read activity on 9 Apr 19 14:18:41 server slapd[21294]: connection_get(9) Apr 19 14:18:41 server slapd[21294]: connection_get(9): got connid=0 Apr 19 14:18:41 server slapd[21294]: connection_read(9): checking for input on id=0 Apr 19 14:18:41 server slapd[21294]: connection_read(9): TLS accept error error=-1 id=0, closing Apr 19 14:18:41 server slapd[21294]: connection_closing: readying conn=0 sd=9 for close Apr 19 14:18:41 server slapd[21294]: connection_close: conn=0 sd=9 Apr 19 14:18:41 server slapd[21294]: daemon: removing 9 Apr 19 14:18:41 server slapd[21294]: conn=-1 fd=9 closed Apr 19 14:18:41 server slapd[21294]: daemon: select: listen=6 active_threads=0 tvp=NULL Apr 19 14:18:41 server slapd[21294]: daemon: activity on 1 descriptors Apr 19 14:18:41 server slapd[21294]: daemon: select: listen=6 active_threads=0 tvp=NULL Что я делаю не так? ---- Алексей.
next reply other threads:[~2003-04-19 1:53 UTC|newest] Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top 2003-04-19 1:53 Alexey Borovskoy [this message] 2003-04-19 10:37 ` Maxim Tyurin 2003-04-21 3:11 ` Alexey Borovskoy 2003-04-21 10:22 ` Igor Muratov 2003-04-22 6:14 ` Alexey Borovskoy 2003-04-22 10:43 ` Igor Muratov 2003-04-22 22:18 ` Alexey Borovskoy 2003-05-05 16:17 ` Igor Muratov 2003-04-22 22:30 ` Dmitry Lebkov 2003-04-23 2:06 ` Alexey Borovskoy 2003-04-23 2:17 ` Alexey Borovskoy 2003-04-23 2:33 ` Dmitry Lebkov 2003-04-23 3:28 ` Alexey Borovskoy
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=200304191453.48391.alexey_borovskoy@pochtamt.ru \ --to=alexey_borovskoy@pochtamt.ru \ --cc=community@altlinux.ru \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
ALT Linux Community general discussions This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 community community/ http://lore.altlinux.org/community \ mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com public-inbox-index community Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.community AGPL code for this site: git clone https://public-inbox.org/public-inbox.git