slapd + TLS Problem.

To: debian-user@lists.debian.org
Subject: slapd + TLS Problem.
From: Alessandro Baggi <alessandro.baggi@gmail.com>
Date: Sun, 14 Jun 2009 19:23:29 +0200
Message-id: <[🔎] 4A353211.5090502@gmail.com>

Hi there. I've problem setting up SLAPD + TLS and libnss-ldap. When Itry to get the passwd entry with getent passwd I get the following error:


TLS: can't accept: A record packet with illegal version was received..
connection_read(13): TLS accept failure error=-1 id=18, closing

This is a certificate problem or libnss-ldap configuration problem? I'vealso tested slapd and tls with gnutls-cli and openssl s_client and theycomplete test successfully. I've also tested my certificate with opensslverify, and also this test has been completed successfully. Mynsswitch.conf is configured with files and ldap.


Then, i've created my certificate with the following command:

# /usr/lib/ssl/misc/CA.pl -newca /* to create the cacertificate and key*/

# openssl req -newkey rsa:1024 -nodes -keyout key.pem -outnewreq.pem /*for server/client certificate building andsing*/

# /usr/lib/ssl/misc/CA.pl -sign


There's something that is wrong in certificate creation?

This is my libnss-ldap.conf configuration (only TLS and port parameters ):

uri ldap://PDC
port 389
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/certlibnss/cacert.cert
tls_ciphers TLSv1
tls_cert /etc/certlibnss/nsscert.pem
tls_key /etc/certlibnss/nsskey.pem


Openldap Util work fine with slapd and TLS but on ldaps port (636).
This is a bug or a mismatch configuration?


Thanks in advance.

Reply to:

Follow-Ups:
- Re: slapd + TLS Problem.
  - From: Maria McKinley <maria@shadlen.org>

Prev by Date: Re: Gimp and unstable
Next by Date: aptitude wants to remove 'locate'
Previous by thread: Debian multi-domain authentication (using a LDAP backend)
Next by thread: Re: slapd + TLS Problem.
Index(es):
- Date
- Thread