
Re: Debian, LDAPS, GnuTLS, OpenSSL



Lars Schimmer <l.schimmer@cgv.tugraz.at> wrote:
> On 2014-01-17 19:25, Sven Hartge wrote:
>> Lars Schimmer <l.schimmer@cgv.tugraz.at> wrote:
 
>>> ldap_pvt_connect: fd: 3 tm: -1 async: 0
>>> TLS: can't connect: A TLS packet with unexpected length was received..
>>> ldap_err2string
>>> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>> 
>> Please post your /etc/default/slapd

> From the server:

> SLAPD_CONF=
> SLAPD_USER="openldap"
> SLAPD_GROUP="openldap"
> SLAPD_PIDFILE=
> SLAPD_SERVICES="ldaps:/// ldapi:/// ldap:///";
> SLAPD_SENTINEL_FILE=/etc/ldap/noslapd
> SLAPD_OPTIONS=""

> Everything else is commented out.

> ldap.conf server:

> #
> # LDAP Defaults
> #

> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.

> BASE    dc=cgv,dc=org
> URI    ldap://ldap.cgv.org ldaps://ldap.cgv.org:636


> #SIZELIMIT      12
> #TIMELIMIT      15
> #DEREF          never

> # TLS certificates (needed for GnuTLS)
> #TLS_CACERT     /etc/ssl/certs/ca-certificates.crt
> TLSCACertificateFile    /etc/ssl/certs/GeoTrust_Global_CA.pem
> TLSCertificateKeyFile   /etc/ssl/private/cgv.org.key
> TLSCertificateFile      /etc/ssl/certs/cgv.org.2.crt

> loglevel 2048

So, TLSCACertificateFile, TLSCertificateKeyFile and TLSCertificateFile
do not exist in /etc/ldap/ldap.conf. See also the man page for
ldap.conf.

The line you commented out, "TLS_CACERT
/etc/ssl/certs/ca-certificates.crt", _MUST_ be there.

Also, /etc/ldap/ldap.conf does NOT configure the server, but
libldap.so, i.e. the client library. That is important to keep in mind.

S°

-- 
Sigmentation fault. Core dumped.
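
Added example, not part of the original thread and not OpenLDAP project code: a small Python check for the two points made in the reply above, namely slapd.conf server directives placed in the client-side ldap.conf and a missing TLS_CACERT while an ldaps:// URI is configured. The function name `lint_ldap_conf` and the mapping table are this example's own; the sample input is the ldap.conf quoted in the thread with its comment header dropped.

```python
# Added example: lint a libldap client config (ldap.conf) for the two
# problems pointed out in the reply. Not part of the original thread.

# slapd.conf(5) server directives -> ldap.conf(5) client option, if any.
SERVER_ONLY = {
    "tlscacertificatefile": "TLS_CACERT",
    "tlscacertificatepath": "TLS_CACERTDIR",
    "tlscertificatefile": None,
    "tlscertificatekeyfile": None,
    "loglevel": None,
}
CA_OPTIONS = {"tls_cacert", "tls_cacertdir"}


def lint_ldap_conf(text):
    """Return a list of (line_number, message) findings for an ldap.conf."""
    findings, seen, uses_tls = [], set(), False
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented out: not an active setting
        parts = line.split(None, 1)
        key = parts[0].lower()  # option names are case-insensitive
        value = parts[1] if len(parts) > 1 else ""
        seen.add(key)
        if key == "uri" and "ldaps://" in value.lower():
            uses_tls = True
        if key in SERVER_ONLY:
            hint = SERVER_ONLY[key]
            msg = f"{parts[0]} is a slapd.conf directive, not an ldap.conf option"
            if hint:
                msg += f"; the client option is {hint}"
            findings.append((number, msg))
    if uses_tls and not (seen & CA_OPTIONS):
        # Line 0 marks a file-level finding (only ldaps:// URIs are checked).
        findings.append((0, "URI uses ldaps:// but no TLS_CACERT or TLS_CACERTDIR is set"))
    return findings


# ldap.conf as quoted in the thread (comment header dropped).
SAMPLE = """\
BASE    dc=cgv,dc=org
URI    ldap://ldap.cgv.org ldaps://ldap.cgv.org:636
#TLS_CACERT     /etc/ssl/certs/ca-certificates.crt
TLSCACertificateFile    /etc/ssl/certs/GeoTrust_Global_CA.pem
TLSCertificateKeyFile   /etc/ssl/private/cgv.org.key
TLSCertificateFile      /etc/ssl/certs/cgv.org.2.crt
loglevel 2048
"""

if __name__ == "__main__":
    for number, message in lint_ldap_conf(SAMPLE):
        print(f"line {number}: {message}" if number else message)
```
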

