
Re: slapd[5100]: connection_read(12): TLS accept error error=-1



Geert Stappers wrote:
> Hello,
> 
> On a computer, hostname tw89, with LDAP configured with debian-edu
> packages, I get this on the client side:
> 
> | tw89:/etc/ldap
> | # ldapsearch -W -H ldaps://tw89 -D cn=admin,ou=people,dc=gst,dc=stappers,dc=nl -b dc=gst,dc=stappers,dc=nl '(objectClass=simpleSecurityObject)' cn description userPassword
> | Enter LDAP Password:
> | ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
> |         additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> | tw89:/etc/ldap
> | #
> 
> The certificate is generated with mkslapdcert, from the debian-edu-config
> package. The config file is 
> 
> | tw89:/etc/ldap
> | # cat ssl/slapd-cert.cnf
> | RANDOM=/dev/random
> | 
> | [ req ]
> | default_bits = 1024
> | encrypt_key = yes
> | distinguished_name = req_dn
> | x509_extensions = cert_type
> | prompt = no
> | 
> | [ req_dn ]
> | C=NO
> | ST=NA
> | L=gst
> | O=Ldap server
> | OU=Automatically-generated Ldap SSL key
> | CN=tw89
> | emailAddress=postmaster@tw89.gst.stappers.nl
> | 
> | 
> | [ cert_type ]
> | nsCertType = server
> | tw89:/etc/ldap
> | #
> 
> (that is the skolelinux /etc/ldap/ssl/slapd-cert.cnf
> with modified 'CN' and 'emailAddress')
> 
> In the syslog file is this:
> 
> May 26 21:11:17 tw89 slapd[5100]: daemon: read activity on 12
> May 26 21:11:17 tw89 slapd[5100]: connection_get(12)
> May 26 21:11:17 tw89 slapd[5100]: connection_get(12): got connid=20
> May 26 21:11:17 tw89 slapd[5100]: connection_read(12): checking for input on id=20
> May 26 21:11:17 tw89 slapd[5100]: connection_read(12): TLS accept error error=-1 id=20, closing
> May 26 21:11:17 tw89 slapd[5100]: connection_closing: readying conn=20 sd=12 for close
> May 26 21:11:17 tw89 slapd[5100]: connection_close: conn=20 sd=12
> May 26 21:11:17 tw89 slapd[5100]: daemon: removing 12
> 
> (More available on request)
> 
> 
> My questions are
> 
>  Why do I get the TLS accept error ?
> 
>  How to get more debug information when the loglevel is already 16383 ?
> 
>  Where to search for more clues?

Have you told the clients to ignore the SSL certificate ?

-- 
Finn-Arne Johansen
faj@bzz.no http://bzz.no/
Provider of support for, operation and further development of Skolelinux solutions
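
An added example, not part of the original thread: a Python sketch that pulls TLS handshake failures out of slapd debug output like the syslog excerpt quoted above, tying each failure to its socket descriptor and connection id so it can be lined up with the client-side error. The function names are hypothetical, and the sample input is the set of log lines from the quoted message.

```python
import re
from collections import Counter

# Constructed sample: the slapd syslog lines quoted in the message above.
SAMPLE_LOG = """\
May 26 21:11:17 tw89 slapd[5100]: daemon: read activity on 12
May 26 21:11:17 tw89 slapd[5100]: connection_get(12)
May 26 21:11:17 tw89 slapd[5100]: connection_get(12): got connid=20
May 26 21:11:17 tw89 slapd[5100]: connection_read(12): checking for input on id=20
May 26 21:11:17 tw89 slapd[5100]: connection_read(12): TLS accept error error=-1 id=20, closing
May 26 21:11:17 tw89 slapd[5100]: connection_closing: readying conn=20 sd=12 for close
May 26 21:11:17 tw89 slapd[5100]: connection_close: conn=20 sd=12
May 26 21:11:17 tw89 slapd[5100]: daemon: removing 12
"""
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) slapd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
GOT_CONN = re.compile(r"^connection_get\((?P<sd>\d+)\): got connid=(?P<id>\d+)$")
TLS_FAIL = re.compile(
    r"^connection_read\((?P<sd>\d+)\): TLS accept error error=(?P<err>-?\d+) id=(?P<id>\d+), closing$")
CLOSED = re.compile(r"^connection_close: conn=(?P<id>\d+) sd=(?P<sd>\d+)$")

def tls_accept_failures(log_text):
    """Return one dict per failed TLS handshake found in slapd debug output."""
    open_conns = {}  # (pid, sd) -> connid, learned from connection_get lines
    failures = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a slapd syslog line
        pid, msg = m["pid"], m["msg"]
        if (g := GOT_CONN.match(msg)):
            open_conns[(pid, g["sd"])] = g["id"]
        elif (f := TLS_FAIL.match(msg)):
            failures.append({
                "time": m["ts"], "host": m["host"], "pid": int(pid),
                "sd": int(f["sd"]), "connid": int(f["id"]), "error": int(f["err"]),
                # True when the id agrees with the preceding connection_get line
                "id_matches_get": open_conns.get((pid, f["sd"])) == f["id"],
                "closed": False})
        elif (c := CLOSED.match(msg)):
            for rec in failures:  # mark the failed connection as torn down
                if rec["pid"] == int(pid) and rec["connid"] == int(c["id"]):
                    rec["closed"] = True
            open_conns.pop((pid, c["sd"]), None)
    return failures

def failures_per_host(log_text):
    """Count TLS accept failures per logging host."""
    return Counter(r["host"] for r in tls_accept_failures(log_text))
```
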


