- 06-12-2009 #1
OpenLDAP SSL/TLS problem with pam/nss
I have an OpenLDAP server running which I am trying to get to use SSL/TLS. It works without it, but it does not work when I switch on ssl/tls.
Code:
Jun 12 13:23:22 myhost getent: nss_ldap: failed to bind to LDAP server ldaps://ldap.mydomain.com/: Can't contact LDAP server
Jun 12 13:23:22 myhost getent: nss_ldap: could not search LDAP server - Server is unavailable
Jun 12 13:23:22 myhost slapd: conn=9 fd=15 ACCEPT from IP=x.x.x.x:59963 (IP=0.0.0.0:636)
Jun 12 13:23:22 myhost slapd: conn=9 fd=15 closed (TLS negotiation failure)
Code:
tls_checkpeer yes
tls_ciphers HIGH
ssl yes
tls_cacert /etc/openldap/cacerts/slapd.cert
Code:
TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/slapd.cert
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
The cert file and pem file are there with the right permissions, and I am testing this from the same server that slapd is running from right now, so the cacert mentioned in the ldap.conf file is there on the local filesystem too and I copied it to the right path...
So my question is, how do I go about debugging this? I cannot see any more logging information or options to increase logging for the pam/nss modules... and I don't know much about openssl in general (I know I should but I've always hated it)
The Human Equation:
value(geeks) > value(mundanes)
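
One way to approach the debugging question in the post above, as an added example that is not part of the original post: offline checks that the server key belongs to the server certificate and that the client's tls_cacert file can verify that certificate. The function names are hypothetical; the paths in the usage comment are the ones from the post's config.

```shell
#!/bin/sh
# Added example: offline sanity checks for the TLS files behind a
# "TLS negotiation failure". Function names are hypothetical; only
# standard openssl subcommands (x509, pkey, verify) are used.

# Succeeds when the private key ($2) carries the same public key as the cert ($1).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the client's CA file ($1, tls_cacert in ldap.conf) verifies
# the server certificate ($2, TLSCertificateFile in slapd.conf).
ca_verifies_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Runs every check and reports each failure instead of stopping at the first.
check_ldap_tls_files() {
    cacert=$1 cert=$2 key=$3 rc=0
    for f in "$cacert" "$cert" "$key"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    key_matches_cert "$cert" "$key" ||
        { echo "FAIL: $key is not the private key for $cert"; rc=1; }
    ca_verifies_cert "$cacert" "$cert" ||
        { echo "FAIL: $cacert does not verify $cert"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key matches cert and CA file verifies it"
    return "$rc"
}

# Usage with the paths from the post (run as the user slapd runs as, so the
# readability check reflects what the daemon can open):
#   sh check.sh /etc/openldap/cacerts/slapd.cert \
#               /etc/pki/tls/certs/slapd.cert /etc/pki/tls/certs/slapd.pem
if [ "$#" -eq 3 ]; then
    check_ldap_tls_files "$@"
fi
```

Against the running server, `openssl s_client -connect ldap.mydomain.com:636 -CAfile /etc/openldap/cacerts/slapd.cert` shows the handshake and the verify result for the same CA file.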