<div class="moz-text-flowed" style="font-family: -moz-fixed">Hi there.
I've problem setting up SLAPD + TLS and libnss-ldap. When I try to get
the passwd entry with getent passwd I get the following error:
TLS: can't accept: A record packet with illegal version was received..
connection_read(13): TLS accept failure error=-1 id=18, closing
This is a certificate problem or libnss-ldap configuration problem? I've
also tested slapd and tls with gnutls-cli and openssl s_client and they
complete test successfully. I've also tested my certificate with openssl
verify, and also this test has been completed successfully. My
nsswitch.conf is configured with files and ldap.
Then, i've created my certificate with the following command:
# /usr/lib/ssl/misc/CA.pl -newca /* to create the ca
certificate and key*/
# openssl req -newkey rsa:1024 -nodes -keyout key.pem -out
newreq.pem /*for server/client certificate building and
sing*/
# /usr/lib/ssl/misc/CA.pl -sign
There's something that is wrong in certificate creation?
This is my libnss-ldap.conf configuration (only TLS and port parameters ):
uri ldap://PDC
port 389
# OpenLDAP SSL mechanism
# start_tls mechanism uses the normal LDAP port, LDAPS typically 636
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/certlibnss/cacert.cert
tls_ciphers TLSv1
tls_cert /etc/certlibnss/nsscert.pem
tls_key /etc/certlibnss/nsskey.pem
Openldap Util work fine with slapd and TLS but on ldaps port (636).
This is a bug or a mismatch configuration?
Thanks in advance.
</div>