Hello,

On a computer, hostname tw89, with LDAP configured with debian-edu packages,
I get this at the client side:

| tw89:/etc/ldap
| # ldapsearch -W -H ldaps://tw89 -D
| # cn=admin,ou=people,dc=gst,dc=stappers,dc=nl -b
| # dc=gst,dc=stappers,dc=nl '(objectClass=simpleSecurityObject)' cn
| # description userPassword
| Enter LDAP Password:
| ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
| additional info: error:14090086:SSL
| routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
| tw89:/etc/ldap
| #

The certificate is generated with mkslapdcert, from the debian-edu-config
package. The config file is

| tw89:/etc/ldap
| # cat ssl/slapd-cert.cnf
| RANDOM=/dev/random
|
| [ req ]
| default_bits = 1024
| encrypt_key = yes
| distinguished_name = req_dn
| x509_extensions = cert_type
| prompt = no
|
| [ req_dn ]
| C=NO
| ST=NA
| L=gst
| O=Ldap server
| OU=Automatically-generated Ldap SSL key
| CN=tw89
| emailAddress=postmaster@tw89.gst.stappers.nl
|
|
| [ cert_type ]
| nsCertType = server
| tw89:/etc/ldap
| #

(That is the skolelinux /etc/ldap/ssl/slapd-cert.cnf with modified 'CN' and
'emailAddress'.)

In the syslog file is this:

May 26 21:11:17 tw89 slapd[5100]: daemon: read activity on 12
May 26 21:11:17 tw89 slapd[5100]: connection_get(12)
May 26 21:11:17 tw89 slapd[5100]: connection_get(12): got connid=20
May 26 21:11:17 tw89 slapd[5100]: connection_read(12): checking for input on id=20
May 26 21:11:17 tw89 slapd[5100]: connection_read(12): TLS accept error error=-1 id=20, closing
May 26 21:11:17 tw89 slapd[5100]: connection_closing: readying conn=20 sd=12 for close
May 26 21:11:17 tw89 slapd[5100]: connection_close: conn=20 sd=12
May 26 21:11:17 tw89 slapd[5100]: daemon: removing 12

(More available on request)

My questions are:

Why do I get the TLS accept error?
How to get more debug information when the loglevel is already 16383?
Where to search for more clues?

Cheers
Geert Stappers