On 21Oct21 18:39+0300, Nick Milas wrote:
> It shows that the CA/cert has issues. Yet, everything was working fine
> until last upgrade!
Check your ldaprc for TLS_REQCERT. Maybe that changed in the upgrade?
--
Bastian Tweddell
Juelich Supercomputing Centre
>>> Quanah Gibson-Mount wrote on 21.10.2021 at 19:29 in
message <125627C2D6AF4AE00EF3FCDF@[192.168.1.11]>:
>
> --On Thursday, October 21, 2021 7:54 PM +0300 Nick Milas
> wrote:
>
>> On 21/10/2021 6:39 PM, Nick Milas wrote:
>>
>>> From the journal, some excerpts (it is very long):
>>
>>
--On Thursday, October 21, 2021 7:54 PM +0300 Nick Milas
wrote:
On 21/10/2021 6:39 PM, Nick Milas wrote:
From the journal, some excerpts (it is very long):
My fault: I copied parts from the journal before the restart :(
Here is the actual log after restart:
The client side still
On 21/10/2021 6:39 PM, Nick Milas wrote:
From the journal, some excerpts (it is very long):
My fault: I copied parts from the journal before the restart :(
Here is the actual log after restart:
Oct 21 18:31:28 ldap.noa.gr systemd[1]: slapd.service start operation
timed out. Terminating.
Nick Milas wrote:
> Thank you for the reply:
>
> Here it is:
> It shows that the CA/cert has issues. Yet, everything was working fine until
> last upgrade!
Well, it's not going to lie to you. Your CA cert isn't recognized, so some
other upgrade must
have mucked with your certs or LDAP config.
Thank you for the reply:
Here it is:
# ldapwhoami -H ldaps://ldap.noa.gr:636 -x -d -1
ldap_url_parse_ext(ldaps://ldap.noa.gr:636)
ldap_create
ldap_url_parse_ext(ldaps://ldap.noa.gr:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
Nick Milas wrote:
> Hello,
>
> Our main OpenLDAP Server (running on CentOS 7) has been working fine with
> 2.4.58.
>
> Since yesterday, after a (minor, see at the end) OS upgrade which included an
> update to LTB Openldap 2.4.59, SSL clients see:
>
> # ldapwhoami -H ldaps://ldap.noa.gr:636 -x
Hello,
Our main OpenLDAP Server (running on CentOS 7) has been working fine
with 2.4.58.
Since yesterday, after a (minor, see at the end) OS upgrade which
included an update to LTB Openldap 2.4.59, SSL clients see:
# ldapwhoami -H ldaps://ldap.noa.gr:636 -x
ldap_sasl_bind(SIMPLE): Can't
I have created a cert. on the server and openldap starts without any issues,
however when I attempt to connect via ldaps I keep getting the following
error:
ldapsearch -x -H ldaps://localhost:636 -D cn=Manager,dc=testing,dc=com -W
-b dc=testing,dc=com (objectClass=top)
Enter LDAP Password:
: Problem with SSL/TLS
Here is my /etc/ldap.conf:
#host 127.0.0.1
base cn=users,dc=testing,dc=com
uri ldap://localhost:636
binddn cn=manager,dc=testing,dc=com
bindpw password
scope sub
timelimit 120
bind_policy soft
bind_timelimit 120
idle_timelimit 3600
ssl on
tls_cacert /etc/openldap/cacerts
*Subject*: RE: Problem with SSL/TLS
Here is my /etc/ldap.conf:
#host 127.0.0.1
base cn=users,dc=testing,dc=com
uri ldap://localhost:636
binddn cn=manager,dc=testing,dc=com
bindpw password
scope sub
timelimit 120
bind_policy soft
bind_timelimit 120
idle_timelimit 3600
ssl on
tls_cacert
] On
Behalf Of Lynn York
Sent: Monday, April 12, 2010 8:14 AM
To: openldap-technical@openldap.org
Subject: Problem with SSL/TLS
I have created a cert. on the server and openldap starts without any issues,
however when I attempt to connect via ldaps I keep getting the following error:
ldapsearch
...@silverspringnet.com]
*Sent:* Monday, April 12, 2010 3:53 PM
*To:* Lynn York; openldap-technical@openldap.org
*Subject:* RE: Problem with SSL/TLS
I ran into various issues with OpenLDAP + SSL/TLS. Finally, I ended up
tunneling via stunnel. Something you might want to consider?
Siddhartha
--On Monday, April 12, 2010 2:20 PM -0400 Lynn York
lynn.y...@mavenwire.com wrote:
TLS certificate verification: depth: 0, err: 18, subject:
/C=US/ST=Pennsylvania/L=King of Prussia/O=MavenWire,
LLC/OU=Support/CN=testing.com/emailaddress=mw-hosting-sysad...@testing.co
m, issuer:
Subject: RE: Problem with SSL/TLS
--On Monday, April 12, 2010 2:20 PM -0400 Lynn York
lynn.y...@mavenwire.com wrote:
TLS certificate verification: depth: 0, err: 18, subject:
/C=US/ST=Pennsylvania/L=King of Prussia/O=MavenWire,
LLC/OU=Support/CN=testing.com/emailaddress=mw-hosting-sysad
--On Monday, April 12, 2010 6:13 PM -0400 Lynn York
lynn.y...@mavenwire.com wrote:
Here is my /etc/openldap/ldap.conf:
uri ldaps://localhost
base cn=users,dc=testing,dc=com
tls_cacert /etc/openldap/cacerts/ca.key
tls_cacertdir /etc/openldap/cacerts
tls_reqcert allow
You specify *one* of the