Package: ldap-utils Version: 2.4.40+dfsg-1+deb8u2 Severity: normal Dear Maintainer,
On a fresh install of Debian 8, I cannot get ldapsearch or ldapwhoami to connect to an LDAPS server. There appears to be some TLS happening, and a connections is made, but then it fails without any useful error messages on debug level 1. contents of /etc/ldap/ldap.conf: TLS_CACERT /etc/ssl/certs/ca-certificates.crt # MattW 04/19/2017 - Added the following TLS_REQCERT allow SSL start_tls root@ldi-deb8-test:~/UW-LDI# !ldapsearch ldapsearch -d1 -Z -H ldap://ldi.s.uw.edu -W -D cn=unitAdmin,ou=auth,ou=csde,dc=ldi,dc=uw,dc=edu -LLL -s base -b cn=unitAdmin,ou=auth,ou=csde,dc=ldi,dc=uw,dc=edu ldap_url_parse_ext(ldap://ldi.s.uw.edu) ldap_create ldap_url_parse_ext(ldap://ldi.s.uw.edu:389/??base) ldap_extended_operation_s ldap_extended_operation ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP ldi.s.uw.edu:389 ldap_new_socket: 4 ldap_prepare_socket: 4 ldap_connect_to_host: Trying 69.91.245.42:389 ldap_pvt_connect: fd: 4 tm: -1 async: 0 attempting to connect: connect success ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_scanf fmt ({) ber: ber_flush2: 31 bytes to sd 4 ldap_result ld 0x7f9918572860 msgid 1 wait4msg ld 0x7f9918572860 msgid 1 (infinite timeout) wait4msg continue ld 0x7f9918572860 msgid 1 all 1 ** ld 0x7f9918572860 Connections: * host: ldi.s.uw.edu port: 389 (default) refcnt: 2 status: Connected last used: Thu May 4 08:08:31 2017 ** ld 0x7f9918572860 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x7f9918572860 request count 1 (abandoned 0) ** ld 0x7f9918572860 Response Queue: Empty ld 0x7f9918572860 response count 0 ldap_chkResponseList ld 0x7f9918572860 msgid 1 all 1 ldap_chkResponseList returns ld 0x7f9918572860 NULL ldap_int_select read1msg: ld 0x7f9918572860 msgid 1 all 1 ber_get_next ber_get_next: tag 0x30 len 12 contents: read1msg: ld 0x7f9918572860 msgid 1 message type extended-result ber_scanf fmt ({eAA) ber: read1msg: ld 0x7f9918572860 0 new referrals read1msg: mark request completed, ld 0x7f9918572860 msgid 1 request done: ld 0x7f9918572860 msgid 1 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 1, msgid 1) ldap_parse_extended_result ber_scanf fmt ({eAA) ber: ldap_parse_result ber_scanf fmt ({iAA) ber: ber_scanf fmt (}) ber: ldap_msgfree Enter LDAP Password: ldap_sasl_bind ldap_send_initial_request ldap_send_server_request ber_scanf fmt ({it) ber: ber_scanf fmt ({i) ber: ber_flush2: 74 bytes to sd 4 ldap_result ld 0x7f9918572860 msgid 2 wait4msg ld 0x7f9918572860 msgid 2 (infinite timeout) wait4msg continue ld 0x7f9918572860 msgid 2 all 1 ** ld 0x7f9918572860 Connections: * host: ldi.s.uw.edu port: 389 (default) refcnt: 2 status: Connected last used: Thu May 4 08:08:38 2017 ** ld 0x7f9918572860 Outstanding Requests: * msgid 2, origid 2, status InProgress outstanding referrals 0, parent count 0 ld 0x7f9918572860 request count 1 (abandoned 0) ** ld 0x7f9918572860 Response Queue: Empty ld 0x7f9918572860 response count 0 ldap_chkResponseList ld 0x7f9918572860 msgid 2 all 1 ldap_chkResponseList returns ld 0x7f9918572860 NULL ldap_int_select read1msg: ld 0x7f9918572860 msgid 2 all 1 ber_get_next ldap_err2string ldap_result: Can't contact LDAP server (-1) ldap_free_request (origid 2, msgid 2) ldap_free_connection 1 1 ldap_free_connection: actually freed root@ldi-deb8-test:~/UW-LDI# root@ldi-deb8-test:~/UW-LDI# ldapwhoami -d1 -H 'ldaps://ldi.s.uw.edu' -w 'passwerd' -D cn=unitAdmin,ou=auth,ou=csde,ou=ldi,ou=uw,ou=edu ldap_url_parse_ext(ldaps://ldi.s.uw.edu) ldap_create ldap_url_parse_ext(ldaps://ldi.s.uw.edu:636/??base) ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP ldi.s.uw.edu:636 ldap_new_socket: 4 ldap_prepare_socket: 4 ldap_connect_to_host: Trying 128.208.178.146:636 ldap_pvt_connect: fd: 4 tm: -1 async: 0 attempting to connect: connect success ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_scanf fmt ({i) ber: ber_flush2: 74 bytes to sd 4 ldap_result ld 0x7f80d936b820 msgid 1 wait4msg ld 0x7f80d936b820 msgid 1 (infinite timeout) wait4msg continue ld 0x7f80d936b820 msgid 1 all 1 ** ld 0x7f80d936b820 Connections: * host: ldi.s.uw.edu port: 636 (default) refcnt: 2 status: Connected last used: Thu May 4 08:35:31 2017 ** ld 0x7f80d936b820 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x7f80d936b820 request count 1 (abandoned 0) ** ld 0x7f80d936b820 Response Queue: Empty ld 0x7f80d936b820 response count 0 ldap_chkResponseList ld 0x7f80d936b820 msgid 1 all 1 ldap_chkResponseList returns ld 0x7f80d936b820 NULL ldap_int_select read1msg: ld 0x7f80d936b820 msgid 1 all 1 ber_get_next ldap_err2string ldap_result: Can't contact LDAP server (-1) ldap_free_request (origid 1, msgid 1) ldap_free_connection 1 1 ldap_free_connection: actually freed root@ldi-deb8-test:~/UW-LDI# The server negotatates SSL/TLS just fine as evidenced here: root@ldi-deb8-test:~/UW-LDI# root@ldi-deb8-test:~/UW-LDI# openssl s_client -showcerts -connect ldi1.s.uw.edu:636 CONNECTED(00000003) depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root verify return:1 depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=1 C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA verify return:1 depth=0 C = US, postalCode = 98195, ST = WA, L = Seattle, street = 4545 15th Ave NE, O = University of Washington, OU = UW-IT, CN = ldi.s.uw.edu verify return:1 --- Certificate chain 0 s:/C=US/postalCode=98195/ST=WA/L=Seattle/street=4545 15th Ave NE/O=University of Washington/OU=UW-IT/CN=ldi.s.uw.edu i:/C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA -----BEGIN CERTIFICATE----- MIIFkjCCBHqgAwIBAgIRAJNPgvItbcxkD86hV5ehNZAwDQYJKoZIhvcNAQELBQAw djELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1JMRIwEAYDVQQHEwlBbm4gQXJib3Ix EjAQBgNVBAoTCUludGVybmV0MjERMA8GA1UECxMISW5Db21tb24xHzAdBgNVBAMT FkluQ29tbW9uIFJTQSBTZXJ2ZXIgQ0EwHhcNMTcwNDExMDAwMDAwWhcNMjAwNDEw MjM1OTU5WjCBoTELMAkGA1UEBhMCVVMxDjAMBgNVBBETBTk4MTk1MQswCQYDVQQI EwJXQTEQMA4GA1UEBxMHU2VhdHRsZTEZMBcGA1UECRMQNDU0NSAxNXRoIEF2ZSBO RTEhMB8GA1UEChMYVW5pdmVyc2l0eSBvZiBXYXNoaW5ndG9uMQ4wDAYDVQQLEwVV Vy1JVDEVMBMGA1UEAxMMbGRpLnMudXcuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAwWduvzE0BVz9j2oDDBlN7+NPQPNN8CWwqvwposDbjdU9U/jo gNQYwFtdo4vkY1dJxrU7x5SbIZ+Nr2ilkj1cQw/16CANzA8JEPUDTCcrIYS7SF54 S0rxXJ5b9wnBU+rrGweULcbfM12v1rImWce+7WXsHm8YHkEI1ALv/FtTMgCFvzzv IO2rcaMLq2a1Rfhb2gRy0PZSXOHbA2LXz5VSNnO2Ta5N6WXuD0b37arOqqn4mj1/ K7q30T7R0FsE+RbxXVPZrAb+fY19E10befuTV3W88UISWgnEkI6F2bSRwDdDdh1H zaHmgqtEkjjv3FALX+oSre+fQL7rb712xUxIJwIDAQABo4IB7TCCAekwHwYDVR0j BBgwFoAUHgWjd49sluJbh0umtIascQAM5zgwHQYDVR0OBBYEFJG1GjtEudSWuxQj fb0Xcng92Y9VMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW MBQGCCsGAQUFBwMBBggrBgEFBQcDAjBnBgNVHSAEYDBeMFIGDCsGAQQBriMBBAMB ATBCMEAGCCsGAQUFBwIBFjRodHRwczovL3d3dy5pbmNvbW1vbi5vcmcvY2VydC9y ZXBvc2l0b3J5L2Nwc19zc2wucGRmMAgGBmeBDAECAjBEBgNVHR8EPTA7MDmgN6A1 hjNodHRwOi8vY3JsLmluY29tbW9uLXJzYS5vcmcvSW5Db21tb25SU0FTZXJ2ZXJD QS5jcmwwdQYIKwYBBQUHAQEEaTBnMD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LnVz ZXJ0cnVzdC5jb20vSW5Db21tb25SU0FTZXJ2ZXJDQV8yLmNydDAlBggrBgEFBQcw AYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTBEBgNVHREEPTA7ggxsZGkucy51 dy5lZHWCDWxkaTEucy51dy5lZHWCDWxkaTIucy51dy5lZHWCDWxkaTMucy51dy5l ZHUwDQYJKoZIhvcNAQELBQADggEBACugROqn+Jb0O6iWVJJhKx8W+3i430HiOaOs /HCVJnKfSpu758jfT5ogvTvCmxuKNbKkdEXj1p863mX4Xv9HLDlMaWxmWvhv5YrS DMtKiwIj1B4PKFoHknQ5kMk6x7Qaxihul7JGUdq6D+ajJ+b4dZROVTbq4dI4rdEZ 28eg/Kvusqftz7lMnIkaPCepkhhbI98v4k1Zopsgf9MkcnTZJYe2ZbcdgmEITbfZ +QoFpIQ3415sadQm8mB+NIH2pFQv/L2/P5SucdsBHOSlZIQU8z82tuqEPBjop1oL +GvPCTj06lFOVHJw0MNNX2KPvYmrARLEONRTTZpg4jwEZU8+A28= -----END CERTIFICATE----- 1 s:/C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority -----BEGIN CERTIFICATE----- MIIF+TCCA+GgAwIBAgIQJbVdRZm0XXTm3MkhAFSBcjANBgkqhkiG9w0BAQ0FADCB iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQw OTE5MDAwMDAwWhcNMjQwOTE4MjM1OTU5WjB2MQswCQYDVQQGEwJVUzELMAkGA1UE CBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjESMBAGA1UEChMJSW50ZXJuZXQyMREw DwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMWSW5Db21tb24gUlNBIFNlcnZlciBD QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwb8bsvf2MYFVFRVA+e xU5NEFj6MJsXKZDmMwysE1N8VJG06thum4ltuzM+j9INpun5uukNDBqeso7JcC7v HgV9lestjaKpTbOc5/MZNrun8XzmCB5hJ0R6lvSoNNviQsil2zfVtefkQnI/tBPP iwckRR6MkYNGuQmm/BijBgLsNI0yZpUn6uGX6Ns1oytW61fo8BBZ321wDGZq0GTl qKOYMa0dYtX6kuOaQ80tNfvZnjNbRX3EhigsZhLI2w8ZMA0/6fDqSl5AB8f2IHpT eIFken5FahZv9JNYyWL7KSd9oX8hzudPR9aKVuDjZvjs3YncJowZaDuNi+L7RyML fzcCAwEAAaOCAW4wggFqMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bL MB0GA1UdDgQWBBQeBaN3j2yW4luHS6a0hqxxAAznODAOBgNVHQ8BAf8EBAMCAYYw EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH AwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECAjBQBgNVHR8ESTBHMEWgQ6BB hj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNh dGlvbkF1dGhvcml0eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNo dHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5j cnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI hvcNAQENBQADggIBAE3VdfpMw+uUkDK0VtAs3Op7bAOXhHqVbcZf+utvwT0n2Bj9 6vp8Jp1ZDwVCEFfRiF73xp7YhPGFkOwQdG4RtUe1XpC/yVoXw4lyoYgktvn1fZZw Kk5aGoeQVrAlXsURWguxrplfhkU+ZNnPV+uFdc3s3aBhdQk61SrJnhswQKe1s60b x2UYV+DBF5AcO+c1RGmhhnniQdTqnnaLwSl3H7hyRb1wyQjmZEm3NV/3gJkR2FGk Bo4CBeMsIDePUa37W0iSM0t1HY4mPZqKRMRFZ34jC+misfmpgsZZhZvCxOgd8ifn 1NZ4ejRQgJZ6bV84cjXMet/DsQmQExWA6czjdVxL3DZ7IK7b7kqCHGcH29vp/Uhi tIe1yZ/h/6Zc3ZgxN8uVIDwoO91XWmipxjHy32OuXXVmkBa8QQwm5fhJXxWrx2xz Jgd153xof+0POHx/NZRD4F0C8UEXyC5gRg6mScl+XsIHwoqfBs4p7tWsd8vCbUio xhVAcQPjVIPCuKnzj75TPsC3nsN0LxfvY5dSermWhiMEZL87JXRMb3+gjnm5jcyj 2Sd+b38qxZb6IKnm20+oeKzFLMebND0skFlX/hCX1zjAb4FQjVsw48BlPA++tgI4 7fZpHbnfbI/X8ZBKVyNbXJkVBxYmeM38IITtJRbBaKjAaXuF+UeFdGrq1dk4 -----END CERTIFICATE----- 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root -----BEGIN CERTIFICATE----- MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM 8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9 N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9 HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ +gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/ BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4 dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0 dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8 Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p 0fKtirOMxyHNwu8= -----END CERTIFICATE----- 3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root -----BEGIN CERTIFICATE----- MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= -----END CERTIFICATE----- --- Server certificate subject=/C=US/postalCode=98195/ST=WA/L=Seattle/street=4545 15th Ave NE/O=University of Washington/OU=UW-IT/CN=ldi.s.uw.edu issuer=/C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA --- Acceptable client certificate CA names /C=CN/O=WoSign CA Limited/CN=CA \xE6\xB2\x83\xE9\x80\x9A\xE6\xA0\xB9\xE8\xAF\x81\xE4\xB9\xA6 /C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G3 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G3 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G2 /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 G3 /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 G3 /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 1 G3 /CN=Atos TrustedRoot 2011/O=Atos/C=DE /C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2 /C=TR/L=Ankara/O=E-Tu\xC4\x9Fra EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./OU=E-Tugra Sertifikasyon Merkezi/CN=E-Tugra Certification Authority /O=TeliaSonera/CN=TeliaSonera Root CA v1 /C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Global Root CA /CN=ACCVRAIZ1/OU=PKIACCV/O=ACCV/C=ES /C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R2 /C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R1 /C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root EV CA 2 /C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 2 /C=CN/O=China Internet Network Information Center/CN=China Internet Network Information Center EV Certificates Root /emailAddress=conta...@procert.net.ve/L=Chacao/ST=Miranda/OU=Proveedor de Certificados PROCERT/O=Sistema Nacional de Certificacion Electronica/C=VE/CN=PSCProcert /C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 EV 2009 /C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 2009 /CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Aral\xC4\xB1k 2007 /C=EE/O=AS Sertifitseerimiskeskus/CN=EE Certification Centre Root CA/emailAddress=p...@sk.ee /C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 3 /C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 Root CA /C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 Root CA /C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2 /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority /C=GB/O=Trustis Limited/OU=Trustis FPS Root CA /C=IT/L=Milan/O=Actalis S.p.A./03358520967/CN=Actalis Authentication Root CA /C=GR/O=Hellenic Academic and Research Institutions Cert. Authority/CN=Hellenic Academic and Research Institutions RootCA 2011 /C=ES/O=Agencia Catalana de Certificacio (NIF Q-0801176-I)/OU=Serveis Publics de Certificacio/OU=Vegeu https://www.catcert.net/verarrel (c)03/OU=Jerarquia Entitats de Certificacio Catalanes/CN=EC-ACC /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2 /C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Root Certification Authority /C=AT/O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH/OU=A-Trust-nQual-03/CN=A-Trust-nQual-03 /C=ES/O=Generalitat Valenciana/OU=PKIGVA/CN=Root CA Generalitat Valenciana /C=FR/O=Certinomis/OU=0002 433998903/CN=Certinomis - Autorit\xC3\xA9 Racine /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA /C=US/O=AffirmTrust/CN=AffirmTrust Premium ECC /C=US/O=AffirmTrust/CN=AffirmTrust Premium /C=US/O=AffirmTrust/CN=AffirmTrust Networking /C=US/O=AffirmTrust/CN=AffirmTrust Commercial /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2 /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2 /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2 /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008 /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008 /C=ES/O=IZENPE S.A./CN=Izenpe.com /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign /C=TR/O=Elektronik Bilgi Guvenligi A.S./CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi /C=HU/L=Budapest/O=Microsec Ltd./CN=Microsec e-Szigno Root CA 2009/emailAddress=i...@e-szigno.hu /CN=ACEDICOM Root/OU=PKI/O=EDICOM/C=ES /C=JP/O=Japan Certification Services, Inc./CN=SecureSign RootCA11 /C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1 /emailAddress=p...@sk.ee/C=EE/O=AS Sertifitseerimiskeskus/CN=Juur-SK /C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G2 /C=HU/L=Budapest/O=NetLock Kft./OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification Services)/CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2007 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G4 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority /C=US/O=GeoTrust Inc./OU=(c) 2007 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G2 /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3 /C=US/O=thawte, Inc./OU=(c) 2007 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G2 /C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G3 /C=JP/O=Japanese Government/OU=ApplicationCA /C=CN/O=CNNIC/CN=CNNIC ROOT /C=RO/O=certSIGN/OU=certSIGN ROOT CA /CN=EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/O=EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./C=TR /C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 CA 1 /C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 CA 1 /C=TR/L=Gebze - Kocaeli/O=T\xC3\xBCrkiye Bilimsel ve Teknolojik Ara\xC5\x9Ft\xC4\xB1rma Kurumu - T\xC3\x9CB\xC4\xB0TAK/OU=Ulusal Elektronik ve Kriptoloji Ara\xC5\x9Ft\xC4\xB1rma Enstit\xC3\xBCs\xC3\xBC - UEKAE/OU=Kamu Sertifikasyon Merkezi/CN=T\xC3\x9CB\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1 - S\xC3\xBCr\xC3\xBCm 3 /C=TW/O=Chunghwa Telecom Co., Ltd./OU=ePKI Root Certification Authority /O=Cybertrust, Inc/CN=Cybertrust Global Root /CN=ComSign Secured CA/O=ComSign/C=IL /C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2 /C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Universal CA/CN=TC TrustCenter Universal CA I /C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 3 CA/CN=TC TrustCenter Class 3 CA II /C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 2 CA/CN=TC TrustCenter Class 2 CA II /C=FR/O=Dhimyotis/CN=Certigna /C=HU/L=Budapest/O=Microsec Ltd./OU=e-Szigno CA/CN=Microsec e-Szigno Root CA /C=CH/O=WISeKey/OU=Copyright (c) 2005/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GA CA /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1 /C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=i...@sgdn.pm.gouv.fr /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority /C=US/O=Wells Fargo WellsSecure/OU=Wells Fargo Bank NA/CN=WellsSecure Public Root Certificate Authority /C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority /C=US/O=SecureTrust Corporation/CN=Secure Global CA /C=US/O=SecureTrust Corporation/CN=SecureTrust CA /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA /C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority /C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2 /C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2 /CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005 /CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=ANKARA/O=(c) 2005 T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. /C=US/O=Digital Signature Trust/OU=DST ACES/CN=DST ACES CA X6 /O=Digital Signature Trust Co./CN=DST Root CA X3 /C=FR/O=Certplus/CN=Class 2 Primary CA /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA /C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 1 /C=TW/O=Government Root Certification Authority /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority /C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority /C=US/OU=www.xrampsecurity.com/O=XRamp Security Services Inc/CN=XRamp Global Certification Authority /C=HU/ST=Hungary/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado /C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Global Chambersign Root /C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Chambers of Commerce Root /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN - DATACorp SGC /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA /C=FI/O=Sonera/CN=Sonera Class2 CA /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1 /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 /C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Trusted Certificate Services /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Secure Certificate Services /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services /C=PL/O=Unizeto Sp. z o.o./CN=Certum CA /C=US/O=VISA/OU=Visa International Service Association/CN=Visa eCommerce Root /C=US/O=America Online Inc./CN=America Online Root Certification Authority 2 /C=US/O=America Online Inc./CN=America Online Root Certification Authority 1 /C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2 /C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA /O=RSA Security Inc/OU=RSA Security 2048 V3 /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Qualified CA Root /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Public CA Root /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root /C=US/O=Equifax Secure Inc./CN=Equifax Secure eBusiness CA-1 /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1 /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048) /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 4 Public Primary Certification Authority - G3 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3 /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network /C=US/O=Equifax/OU=Equifax Secure Certificate Authority /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-ser...@thawte.com /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Server CA/emailAddress=server-ce...@thawte.com /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root /C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA /C=US/ST=WA/O=University of Washington/OU=UW Services/CN=UW Services CA/emailAddress=h...@cac.washington.edu /C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority --- SSL handshake has read 24034 bytes and written 427 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 7FAD99DD7CE53D203C3D19D5674649C234D90BBC77EE5849B670F489C21D6FA0 Session-ID-ctx: Master-Key: 42D5D8A2EAD3EB27975DC73441CB7A436635777F28F5EB0B66088E1C1A78097F8E2C0397AC3A600F1F046A9E940A6F29 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1493910266 Timeout : 300 (sec) Verify return code: 0 (ok) --- ^C root@ldi-deb8-test:~/UW-LDI# The only thing that looks funny is on debug level 2, I see a mismatch between "Want" and "Got" for tls_read..... root@ldi-deb8-test:~/UW-LDI# ldapwhoami -d2 -H 'ldaps://ldi.s.uw.edu' -w 'passwerd' -D cn=unitAdmin,ou=auth,ou=csde,ou=ldi,ou=uw,ou=edu tls_write: want=254, written=254 0000: 16 03 00 00 f9 01 00 00 f5 03 03 59 0b 4b ba a7 ...........Y.K.. 0010: ff e3 e0 bf 5b c0 21 2b b4 1f 18 c2 5d 49 52 c7 ....[.!+....]IR. 0020: 2f e4 8c ab d8 00 8d ed 60 1f 8e 00 00 84 c0 2b /.......`......+ 0030: c0 2c c0 86 c0 87 c0 09 c0 23 c0 0a c0 24 c0 72 .,.......#...$.r 0040: c0 73 c0 08 c0 07 c0 2f c0 30 c0 8a c0 8b c0 13 .s...../.0...... ...... 00d0: 00 15 00 17 00 18 00 19 00 0b 00 02 01 00 00 0d ................ 00e0: 00 1c 00 1a 04 01 04 02 04 03 05 01 05 03 06 01 ................ 00f0: 06 03 03 01 03 02 03 03 02 01 02 02 02 03 .............. tls_read: want=5, got=5 0000: 16 03 03 40 00 ...@. ********************** ********************** tls_read: want=16384, got=14475 ********************** 0000: 02 00 00 53 03 03 a0 ee 74 d9 af 45 b8 db bc b2 ...S....t..E.... ...... 00b0: 06 03 55 04 07 13 09 41 6e 6e 20 41 72 62 6f 72 ..U....Ann Arbor 00c0: 31 12 30 10 06 03 55 04 0a 13 09 49 6e 74 65 72 1.0...U....Inter 00d0: 6e 65 74 32 31 11 30 0f 06 03 55 04 0b 13 08 49 net21.0...U....I 00e0: 6e 43 6f 6d 6d 6f 6e 31 1f 30 1d 06 03 55 04 03 nCommon1.0...U.. 00f0: 13 16 49 6e 43 6f 6d 6d 6f 6e 20 52 53 41 20 53 ..InCommon RSA S 0100: 65 72 76 65 72 20 43 41 30 1e 17 0d 31 37 30 34 erver CA0...1704 0110: 31 31 30 30 30 30 30 30 5a 17 0d 32 30 30 34 31 11000000Z..20041 0120: 30 32 33 35 39 35 39 5a 30 81 a1 31 0b 30 09 06 0235959Z0..1.0.. 0130: 03 55 04 06 13 02 55 53 31 0e 30 0c 06 03 55 04 .U....US1.0...U. ...... -- System Information: Debian Release: 8.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages ldap-utils depends on: ii libc6 2.19-18+deb8u7 ii libgnutls-deb0-28 3.3.8-6+deb8u4 ii libldap-2.4-2 2.4.40+dfsg-1+deb8u2 ii libsasl2-2 2.1.26.dfsg1-13+deb8u1 Versions of packages ldap-utils recommends: ii libsasl2-modules 2.1.26.dfsg1-13+deb8u1 Versions of packages ldap-utils suggests: ii libsasl2-modules-gssapi-mit 2.1.26.dfsg1-13+deb8u1 -- no debconf information