On 21Oct21 18:39+0300, Nick Milas wrote:
> It shows that the CA/cert has issues. Yet, everything was working fine
> until last upgrade!
Check your ldaprc for TLS_REQCERT. Maybe that changed in the upgrade?
--
Bastian Tweddell, Juelich Supercomputing Centre
>>> Quanah Gibson-Mount wrote on 21.10.2021 at 19:29 in
message <125627C2D6AF4AE00EF3FCDF@[192.168.1.11]>:
>
> --On Thursday, October 21, 2021 7:54 PM +0300 Nick Milas
> wrote:
>
>> On 21/10/2021 6:39 PM, Nick Milas wrote:
>>
>>> From the journal, some excerpts (it is very long):
>>
>>
--On Thursday, October 21, 2021 7:54 PM +0300 Nick Milas
wrote:
On 21/10/2021 6:39 PM, Nick Milas wrote:
From the journal, some excerpts (it is very long):
My fault: I copied parts from the journal before the restart :(
Here is the actual log after restart:
The client side still
On 21/10/2021 6:39 PM, Nick Milas wrote:
From the journal, some excerpts (it is very long):
My fault: I copied parts from the journal before the restart :(
Here is the actual log after restart:
Oct 21 18:31:28 ldap.noa.gr systemd[1]: slapd.service start operation timed out. Terminating.
Nick Milas wrote:
> Thank you for the reply:
>
> Here it is:
> It shows that the CA/cert has issues. Yet, everything was working fine until
> last upgrade!
Well, it's not going to lie to you. Your CA cert isn't recognized, so some
other upgrade must have mucked with your certs or LDAP config.
Thank you for the reply:
Here it is:
# ldapwhoami -H ldaps://ldap.noa.gr:636 -x -d -1
ldap_url_parse_ext(ldaps://ldap.noa.gr:636)
ldap_create
ldap_url_parse_ext(ldaps://ldap.noa.gr:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
Nick Milas wrote:
> Hello,
>
> Our main OpenLDAP Server (running on CentOS 7) has been working fine with
> 2.4.58.
>
> Since yesterday, after a (minor, see at the end) OS upgrade which included an
> update to LTB Openldap 2.4.59, SSL clients see:
>
> # ldapwhoami -H ldaps://ldap.noa.gr:636 -x
, April 12, 2010 12:30 PM
To: 'lynn.y...@mavenwire.com'
Subject: Re: Problem with SSL/TLS
Did you setup the CA's cert as a trusted CA on your clients?
There is also a setting to skip verifying the cert for /etc/openldap/ldap.conf
- but I can't recall atm.
- chris
Chris
*Subject*: RE: Problem with SSL/TLS
Here is my /etc/ldap.conf:
#host 127.0.0.1
base cn=users,dc=testing,dc=com
uri ldap://localhost:636
binddn cn=manager,dc=testing,dc=com
bindpw password
scope sub
timelimit 120
bind_policy soft
bind_timelimit 120
idle_timelimit 3600
ssl on
tls_cacert
I ran into various issues with OpenLDAP + SSL/TLS. Finally, I ended up
tunneling via stunnel. Something you might want to consider?
Siddhartha
From: openldap-technical-bounces+sjain=silverspringnet@openldap.org
[mailto:openldap-technical-bounces+sjain=silverspringnet@openldap.org]
...@silverspringnet.com]
*Sent:* Monday, April 12, 2010 3:53 PM
*To:* Lynn York; openldap-technical@openldap.org
*Subject:* RE: Problem with SSL/TLS
I ran into various issues with OpenLDAP + SSL/TLS. Finally, I ended up
tunneling via stunnel. Something you might want to consider?
Siddhartha
--On Monday, April 12, 2010 2:20 PM -0400 Lynn York
lynn.y...@mavenwire.com wrote:
TLS certificate verification: depth: 0, err: 18, subject:
/C=US/ST=Pennsylvania/L=King of Prussia/O=MavenWire, LLC/OU=Support/CN=testing.com/emailaddress=mw-hosting-sysad...@testing.com,
issuer:
Subject: RE: Problem with SSL/TLS
--On Monday, April 12, 2010 2:20 PM -0400 Lynn York
lynn.y...@mavenwire.com wrote:
TLS certificate verification: depth: 0, err: 18, subject:
/C=US/ST=Pennsylvania/L=King of Prussia/O=MavenWire,
LLC/OU=Support/CN=testing.com/emailaddress=mw-hosting-sysad
--On Monday, April 12, 2010 6:13 PM -0400 Lynn York
lynn.y...@mavenwire.com wrote:
Here is my /etc/openldap/ldap.conf:
uri ldaps://localhost
base cn=users,dc=testing,dc=com
tls_cacert /etc/openldap/cacerts/ca.key
tls_cacertdir /etc/openldap/cacerts
tls_reqcert allow
You specify *one* of the