Friday 27 May 2005, 08:25, Geert Stappers wrote:
> On Thu, May 26, 2005 at 11:45:48PM +0200, Finn-Arne Johansen wrote:
> > Geert Stappers wrote:
> > > Hello,
> > <snip/>
> > > > In sys log file is this
> > from the server
> > > > May 26 21:11:17 tw89 slapd[5100]: daemon: read activity on 12
> > > May 26 21:11:17 tw89 slapd[5100]: connection_get(12)
> > > May 26 21:11:17 tw89 slapd[5100]: connection_get(12): got connid=20
> > > May 26 21:11:17 tw89 slapd[5100]: connection_read(12): checking for input on id=20
> > > May 26 21:11:17 tw89 slapd[5100]: connection_read(12): TLS accept error error=-1 id=20, closing
> > > May 26 21:11:17 tw89 slapd[5100]: connection_closing: readying conn=20 sd=12 for close
> > > May 26 21:11:17 tw89 slapd[5100]: connection_close: conn=20 sd=12
> > > May 26 21:11:17 tw89 slapd[5100]: daemon: removing 12
> > >
> > > (More available on request)
> > >
> > >
> > > My questions are
> > >
> > > Why do I get the TLS accept error ?
> > >
> > > How to get more debug information when the loglevel is already 16383 ?
> > >
> > > Where to search for more clues?
> >
> > Have you told the clients to ignore the SSL certificate ?
>
> Sorry, not that I know. I use "plain" ldapsearch from the ldap-utils
> package.
>
> The manual page tells about SASL voodoo, but nothing about SSL. What should
> I do at clients side to ignore or to honour the SSL certificate?
>
>
> While being clueless, the gut feeling is that the culprit is at
> serverside. Why should I search at client side?

Add to /etc/ldap/ldap.conf

    TLS_REQCERT allow

for each client you want to accept a self-signed certificate. If you want
nothing to do with certificates at all, then use

    TLS_REQCERT never

man 5 ldap.conf gives you all the gory details.

-- 
Ragnar Wisløff
--------------
life is a reach. then you gybe.
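
Added example, not part of the original message: a small audit of ldap.conf text that reports the effective TLS_REQCERT level and whether the client still authenticates the server. The sample files, host names and the CA path are constructed; TLS_CACERT and TLS_CACERTDIR are the ldap.conf(5) options for trusting a specific certificate instead of relaxing the check.

```python
"""Audit OpenLDAP client certificate checking in ldap.conf text."""

# Behaviour of each TLS_REQCERT level as described in ldap.conf(5).
LEVELS = {
    "never": "the server certificate is not requested or checked",
    "allow": "a missing or bad server certificate is ignored",
    "try": "a missing certificate is ignored, a bad one ends the session",
    "demand": "a valid server certificate is required",
    "hard": "a valid server certificate is required",
}
UNVERIFIED = {"never", "allow"}  # session proceeds even with a bad certificate


def parse_ldap_conf(text):
    """Return {OPTION: value}; option names are case-insensitive."""
    options = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        # Assumption: a later occurrence of an option overrides an earlier one.
        options[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return options


def audit(text):
    """Return (effective_level, findings) for one ldap.conf."""
    opts = parse_ldap_conf(text)
    # "demand" is the documented default; the value is lower-cased here (assumption).
    level = opts.get("TLS_REQCERT", "demand").lower()
    has_ca = "TLS_CACERT" in opts or "TLS_CACERTDIR" in opts
    findings = []
    if level not in LEVELS:
        findings.append(f"unknown TLS_REQCERT value {level!r}")
    elif level in UNVERIFIED:
        findings.append(f"TLS_REQCERT {level}: {LEVELS[level]}; server is not authenticated")
    elif not has_ca:
        findings.append("no TLS_CACERT or TLS_CACERTDIR in this file to trust a self-signed server")
    return level, findings


# Constructed sample files, not taken from the thread.
BASE = "BASE dc=example,dc=org\nURI ldaps://ldap.example.org\n"
SELF_SIGNED_IGNORED = BASE + "TLS_REQCERT allow\n"
SELF_SIGNED_TRUSTED = BASE + "TLS_CACERT /etc/ldap/server-cert.pem\nTLS_REQCERT demand\n"
DEFAULTS_ONLY = BASE

if __name__ == "__main__":
    for name in ("SELF_SIGNED_IGNORED", "SELF_SIGNED_TRUSTED", "DEFAULTS_ONLY"):
        print(name, audit(globals()[name]))
```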

