ALT Linux Community general discussions
* [Comm] Updating OpenLDAP 2.0.x -> 2.1.x (master 2.2 -> 2.4)
@ 2004-12-22 22:46 Artem Bokhan
From: Artem Bokhan @ 2004-12-22 22:46 UTC (permalink / raw)
  To: community

Hello.

After updating the system from master 2.2 to 2.4, problems arose with OpenLDAP when
using TLS. Previously everything worked without problems. Authentication via
pam_ldap and utilities such as ldapsearch do not work, specifically when TLS is
enabled.

_______________________________________________

# ldapsearch -ZZ
ldap_start_tls: Operations error (1)
        additional info: TLS already started
_______________________________________________

/usr/sbin/slapd -d 7 -u ldap -r /var/lib/ldap -h "ldap:/// ldaps:///"

FILTER:: str2filter: "(objectclass=*)"
FILTER:: get_filter: conn 0
BER:: ber_scanf fmt (m) ber:
CONNECTION:: connection_get: socket 10
TRANSPORT:: tls_info_cb: TLS trace: SSL_accept:error in SSLv3 read client certificate A
TRANSPORT:: tls_info_cb: TLS trace: SSL_accept:error in SSLv3 read client certificate A
CONNECTION:: connection_get: socket 10
CONNECTION:: connection_read: conn 0 unable to get TLS client DN, error 49
CONNECTION:: connection_get: socket 10
BER:: ber_get_next: enter
OPERATION:: do_extended: conn 0
BER::
BER:: ber_get_next: enter
CONNECTION:: connection_input: conn 0  ber_get_next failed, errno 11 (Resource temporarily unavailable).
ber_scanf fmt ({m) ber:
    OPERATION:: send_ldap_extended: err=1 oid= len=0
OPERATION:: send_ldap_response:  msgid=1 tag=120 err=1
CONNECTION:: connection_get: socket 10
BER:: ber_get_next: enter
CONNECTION:: connection_input: conn 0  ber_get_next failed, errno 0 (Success).
CONNECTION:: connection_read: conn 0  input error -2, closing.

Server configuration:

allow bind_v2
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args
modulepath      /usr/lib/openldap
moduleload      back_ldbm.la
TLSCipherSuite         HIGH:MEDIUM:+SSLv2
TLSCertificateFile      /etc/openldap/ssl/ldap.pem
TLSCertificateKeyFile   /etc/openldap/ssl/ldap.pem
TLSCACertificateFile    /etc/openldap/ssl/ldap.pem
TLSVerifyClient never

threads 100
idletimeout 3600
password-hash {CRYPT}
password-crypt-salt-format "$1$%.8s"
access to attr=userPassword
        by self write
        by anonymous auth
        by * none
access to * by * read
database        ldbm
suffix          "dc=my,dc=server"
rootdn          "cn=admin,dc=my,dc=server"
rootpw  password
directory       /var/lib/ldap/bases/my.server
loglevel 8

index objectClass,uid,uidNumber,gidNumber     eq
index cn,mail,surname,givenname               eq,subinitial

Client configuration:

BASE    dc=my,dc=server
URI     ldaps://localhost
rootbinddn cn=admin,dc=my,dc=server
pam_password md5
tls on
TLS_REQCERT never
The certificate was created like this:

# pwd
/var/lib/ssl/certs
# make ldap.pem
[omitted]
Country Name (2 letter code) [AU]:RU
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server's hostname) []:my.server
Email Address []:.
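The following is an added example, not code from the original post, from ALT Linux or from OpenLDAP. It lints copies of the two configurations quoted in the post, constructed inline, for two things a practitioner would check first. First, the client URI is ldaps://localhost while ldapsearch is run with -ZZ: -ZZ requests the StartTLS extended operation, and slapd refuses StartTLS on a connection that already carries TLS with exactly "Operations error (1) ... TLS already started", which also matches the do_extended / send_ldap_extended err=1 lines in the debug trace. Second, it reports the weak settings in the posted files (TLS_REQCERT never, a cipher string that does not exclude SSLv2, a clear-text rootpw, and world-readable access) next to hardened counterparts. The "unable to get TLS client DN" trace lines are expected with TLSVerifyClient never when no client certificate is presented and are left alone. The file contents, the `ssl start_tls` pam_ldap directive and the slappasswd placeholder in the hardened copies are assumptions, not something the thread confirms.

```shell
#!/bin/sh
# Added example (not from the original post or OpenLDAP): lint the posted
# client and server configuration for the StartTLS/ldaps:// mismatch and
# for weak TLS/ACL settings. All config text below is constructed inline
# from the posted snippets; paths and placeholders are hypothetical.

# Client ldap.conf as posted (constructed copy).
CLIENT_CONF='BASE    dc=my,dc=server
URI     ldaps://localhost
rootbinddn cn=admin,dc=my,dc=server
pam_password md5
tls on
TLS_REQCERT never'

# TLS-related part of the posted slapd.conf (constructed copy).
SERVER_CONF='TLSCipherSuite         HIGH:MEDIUM:+SSLv2
TLSCertificateFile      /etc/openldap/ssl/ldap.pem
TLSCertificateKeyFile   /etc/openldap/ssl/ldap.pem
TLSCACertificateFile    /etc/openldap/ssl/ldap.pem
TLSVerifyClient never
rootpw  password
access to * by * read'

# Hardened counterparts (assumed; "ssl start_tls" is pam_ldap's StartTLS
# directive, and the rootpw value must come from slappasswd).
CLIENT_CONF_FIXED='BASE    dc=my,dc=server
URI     ldap://localhost
rootbinddn cn=admin,dc=my,dc=server
pam_password md5
ssl start_tls
TLS_CACERT  /etc/openldap/ssl/ldap.pem
TLS_REQCERT demand'

SERVER_CONF_FIXED='TLSCipherSuite         HIGH:!SSLv2:!aNULL
TLSCertificateFile      /etc/openldap/ssl/ldap.pem
TLSCertificateKeyFile   /etc/openldap/ssl/ldap.pem
TLSCACertificateFile    /etc/openldap/ssl/ldap.pem
TLSVerifyClient never
rootpw  {SSHA}REPLACE-WITH-slappasswd-OUTPUT
access to * by users read'

# conf_get "<config text>" <directive>: first value of a directive,
# matched case-insensitively (slapd.conf and ldap.conf both allow that).
conf_get() {
    printf '%s\n' "$1" | awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }'
}

# starttls_allowed <uri> <yes|no>: is requesting StartTLS (ldapsearch -Z/-ZZ)
# consistent with the URI scheme? ldaps:// already carries TLS, and slapd
# answers StartTLS on such a connection with "Operations error (1),
# additional info: TLS already started". Exit 0 = consistent, 1 = not.
starttls_allowed() {
    case "$1" in
        ldap://*)  return 0 ;;
        ldaps://*) [ "$2" = no ] ;;
        *)         return 1 ;;
    esac
}

# lint_configs "<client conf>" "<server conf>": one line per weak setting.
lint_configs() {
    c=$1; s=$2
    [ "$(conf_get "$c" TLS_REQCERT)" = never ] &&
        echo "client: TLS_REQCERT never, the server certificate is never checked"
    cs=$(conf_get "$s" TLSCipherSuite)
    case "$cs" in
        *'!SSLv2'*) ;;
        *) echo "server: TLSCipherSuite '$cs' does not exclude SSLv2 (no !SSLv2)" ;;
    esac
    case "$(conf_get "$s" rootpw)" in
        '{'*) ;;
        *) echo "server: rootpw is stored in clear text; use the output of slappasswd" ;;
    esac
    printf '%s\n' "$s" |
        grep -Eiq '^access[[:space:]]+to[[:space:]]+\*[[:space:]]+by[[:space:]]+\*[[:space:]]+read' &&
        echo "server: 'access to * by * read' lets anonymous clients read the whole tree"
    return 0
}

# count_findings "<client conf>" "<server conf>": number of lint findings.
count_findings() {
    lint_configs "$1" "$2" | awk 'END { print NR }'
}

# Reproduce the diagnosis from the post: -ZZ against the posted URI.
uri=$(conf_get "$CLIENT_CONF" URI)
if starttls_allowed "$uri" yes; then
    echo "StartTLS over $uri: ok"
else
    echo "StartTLS over $uri: refused by slapd, drop -ZZ or switch the URI to ldap://"
fi
echo "findings in posted configs:   $(count_findings "$CLIENT_CONF" "$SERVER_CONF")"
lint_configs "$CLIENT_CONF" "$SERVER_CONF"
echo "findings in hardened configs: $(count_findings "$CLIENT_CONF_FIXED" "$SERVER_CONF_FIXED")"
```

With the posted client file, the script reports that StartTLS over ldaps://localhost is refused and lists four weak settings; with the hardened copies it reports none. Either keep ldaps:// and run ldapsearch without -Z/-ZZ, or move to ldap:// with StartTLS as in the hardened client file, but in both cases replace TLS_REQCERT never with demand and point TLS_CACERT at the CA certificate, otherwise the client never checks who it is talking to.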

* [Comm] Re: Updating OpenLDAP 2.0.x -> 2.1.x (master 2.2 -> 2.4)
@ 2004-12-22 22:50 ` Michael Shigorin
From: Michael Shigorin @ 2004-12-22 22:50 UTC (permalink / raw)
  To: community

On Thu, Dec 23, 2004 at 04:46:37AM +0600, Artem Bokhan wrote:
> After updating the system from master 2.2 to 2.4, problems arose
> with OpenLDAP when using TLS. Previously everything worked fine.
> Authentication via pam_ldap and utilities such as ldapsearch
> do not work, specifically when TLS is enabled.

welcome to http://lists.osdn.org.ua/wws/info/openldap

-- 
 ---- WBR, Michael Shigorin <mike@altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/


