nslcd with tls
- From: "Cieslak, Andreas" <cieslak [at] folkwang-uni.de>
- To: <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: nslcd with tls
- Date: Thu, 26 Jul 2012 11:02:49 +0200
Hi, I am using Debian Squeeze ver. 6.0.2 with OpenLDAP ver. 2.4.23, libpam-ldapd ver. 0.7.13 and openssl 0.9.8o-4squeeze2. The certificates are from a provider. The certs already work with other services (mail, etc.) and have permissions like 644 and 640 for the key file. My problem is to get the authentication with TLS against the LDAP dir working. Without TLS it's working like a charm. Also the ldapsearch command with the -ZZ option is connecting fine from several clients to the server.

Here are the TLS settings from my nslcd.conf:

    ssl start_tls
    tls_cert /etc/ssl/certs/slapd.pem
    tls_key /etc/ssl/private/slapd.key
    tls_cacertdir /etc/ssl/certs
    tls_cacertfile /etc/ssl/certs/ca-certificates.crt
    tls_reqcert try

The certs already work with other services (mail, etc.) and have permissions like 644 and 640 for the key file. The user openldap is in the group ssl-cert.

When I start nslcd with nslcd -d, I get the following error:

    nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
    nslcd: [b0dc51] DEBUG: ldap_start_tls_s()
    nslcd: [b0dc51] ldap_start_tls_s() failed: Connect error: Permission denied (uri="ldap://myip")
    nslcd: [b0dc51] failed to bind to LDAP server ldap://myip: Connect error: Permission denied
    nslcd: [b0dc51] DEBUG: ldap_unbind()
    nslcd: [b0dc51] no available LDAP server found, sleeping 1 seconds

The certificate configuration in the slapd.conf looks like:

    TLSCertificateFile /etc/ssl/certs/slapd.pem
    TLSCertificateKeyFile /etc/ssl/private/slapd.key
    TLSCACertificateFile /etc/ssl/certs/ca-certificates.crt
    TLSVerifyClient try

Starting slapd in debug mode shows the following when I try to connect with TLS:

    tls_read: want=5, got=5
      0000:  30 05 02 01 02
    TLS: can't accept: A record packet with illegal version was received..
    connection_read(18): TLS accept failure error=-1 id=1014, closing
    connection_closing: readying conn=1014 sd=18 for close
    connection_close: conn=1014 sd=18
    daemon: removing 18
    conn=1014 fd=18 closed (TLS negotiation failure)

Has anyone got an idea or hint?

Kind regards
Andy
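A check that goes with the "Permission denied" in the nslcd log and the 644/640 modes the post mentions: an added diagnostic (not from this thread or from nss-pam-ldapd itself) that pulls the file-naming tls_* options out of an nslcd.conf and evaluates, from each file's mode bits, whether a given daemon uid and group set can read it. The daemon uid, the empty group set and the temporary files in demo() are constructed for illustration; on a real host you would pass the uid and groups of the account nslcd runs as.

```python
# Added diagnostic, not from the thread or nss-pam-ldapd: can the account
# nslcd runs as read the tls_* files named in nslcd.conf?
# The uid, group set and temp files in demo() are constructed for illustration.
import os
import stat
import tempfile

TLS_FILE_KEYS = ("tls_cert", "tls_key", "tls_cacertfile")


def parse_tls_files(conf_text):
    """Return {option: path} for the nslcd.conf tls_* options that name a file."""
    found = {}
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)  # ignore comments, blanks
        if len(parts) == 2 and parts[0] in TLS_FILE_KEYS:
            found[parts[0]] = parts[1].strip()
    return found


def readable_by(path, uid, gids):
    """POSIX read check from the mode bits for the given uid and group set
    (root is not special-cased, since nslcd drops privileges after start)."""
    st = os.stat(path)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)


def check_conf(conf_text, uid, gids):
    """Map each configured TLS file to True/False, or None if it does not exist."""
    return {key: (readable_by(path, uid, gids) if os.path.exists(path) else None)
            for key, path in parse_tls_files(conf_text).items()}


def demo():
    """Constructed run: a 644 cert and a 640 key (the modes from the post),
    checked for a uid that owns neither file and is in no matching group."""
    paths = []
    for mode in (0o644, 0o640):
        fd, path = tempfile.mkstemp()
        os.close(fd)
        os.chmod(path, mode)
        paths.append(path)
    conf = "ssl start_tls\ntls_cert %s\ntls_key %s\ntls_reqcert try\n" % tuple(paths)
    conf += "tls_cacertfile /nonexistent/ca-certificates.crt\n"
    return check_conf(conf, uid=os.getuid() + 1, gids=set())
```

A False for tls_key with a 640 mode means the daemon account is neither the owner nor in the file's group, which is exactly the condition group membership (such as ssl-cert) is meant to fix.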
-- To unsubscribe send an email to nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see http://lists.arthurdejong.org/nss-pam-ldapd-users/
- nslcd with tls, Cieslak, Andreas
- Re: nslcd with tls, Arthur de Jong
- AW: nslcd with tls, Cieslak, Andreas