On Thu, May 26, 2005 at 11:45:48PM +0200, Finn-Arne Johansen wrote: > Geert Stappers wrote: > > Hello, > > <snip/> > > > > In sys log file is this from the server > > > > May 26 21:11:17 tw89 slapd[5100]: daemon: read activity on 12 > > May 26 21:11:17 tw89 slapd[5100]: connection_get(12) > > May 26 21:11:17 tw89 slapd[5100]: connection_get(12): got connid=20 > > May 26 21:11:17 tw89 slapd[5100]: connection_read(12): checking for input on id=20 > > May 26 21:11:17 tw89 slapd[5100]: connection_read(12): TLS accept error error=-1 id=20, closing > > May 26 21:11:17 tw89 slapd[5100]: connection_closing: readying conn=20 sd=12 for close > > May 26 21:11:17 tw89 slapd[5100]: connection_close: conn=20 sd=12 > > May 26 21:11:17 tw89 slapd[5100]: daemon: removing 12 > > > > (More available on request) > > > > > > My questions are > > > > Why do I get the TLS accept error ? > > > > How to get more debug information when the loglevel is allready 16383 ? > > > > Where to search for more clues? > > Have you told the clients to ignore the SSL certificate ? Sorry, not that I know. I use "plain" ldapsearch from the ldap-utils package. The manaul page tells about SASL voodoo, but nothing about SSL. What should I do at clients side to ignore or to honour the SSL certificate? While being clueless, is the gut feeling is that the cullprit is at serverside. Why should I search at client side? Cheers Geert Stappers
Attachment:
signature.asc
Description: Digital signature