Re: slapo-chain + TLS = help

2012-07-19 Thread Warren Howard
On 19/07/12 2:36 AM, Gavin Henry wrote: TLS: can't accept: A record packet with illegal version was received.. connection_read(16): TLS accept failure error=-1 id=1001, closing The master runs Ubuntu 10.04.4 LTS and slapd @(#) $OpenLDAP: slapd 2.4.21 (Dec 19 2011 15:18:58) $

Re: slapo-chain + TLS = help

2012-07-19 Thread Gavin Henry
> Thanks for that, in the end I gave up on TLS and just used SSL. Later when I try again, it'll be after upgrading both the provider and the consumer to the same versions. For now I'm using:
Warren you wimp!!! I understand, but do go back to it as StartTLS is a standard, LDAP over SSL isn't.

RE: slapo-chain + TLS = help

2012-07-19 Thread Chris Jacobs
There are some good instances where StartTLS isn't attractive: when the LDAP servers are behind F5 BigIPs for example. My 2 cents. - chris

Re: slapo-chain + TLS = help

2012-07-19 Thread Gavin Henry
> There are some good instances where StartTLS isn't attractive: when the LDAP servers are behind F5 BigIPs for example. My 2 cents.
Yeah, true. Depends on environment and some kit just won't do StartTLS.

Re: slapo-chain + TLS = help

2012-07-16 Thread Andrei BĂNARU
Hi, Because you're using chain type referrals you need to trust the certificate from the ldap server you are referring to on the LDAP clients issuing queries.
Andrei BĂNARU Internal Support CCNA Security, CCIP StreamWIDE Romania
On 16.07.2012 00:25, Warren Howard wrote:
> Hi, I'm not able

Re: slapo-chain + TLS = help

2012-07-16 Thread Warren Howard
Dear Andrei,
On 16/07/12 11:47 AM, Andrei BĂNARU wrote:
> Hi, Because you're using chain type referrals you need to trust the certificate from the ldap server you are referring to on the LDAP clients issuing queries.
Isn't this done by setting up TLS_CACERT in /etc/ldap/ldap.conf and

slapo-chain + TLS = help

2012-07-15 Thread Warren Howard
Hi, I'm not able to get slapo-chain + TLS to work. Slapo-chain without TLS works, syncrepl + TLS works, the ldapclients with TLS works, just slapo-chain + TLS does not work. man slapo-chain contains no information about the tls options for slapo-chain, but when I enable chain-tls start (as