--On Wednesday, August 22, 2007 8:33 PM -0400 Chuck Keagle <[EMAIL PROTECTED]> wrote:

> The startTLS option to ldapsearch indicates TLS was working fine.  The
> only difference in the output between not using -ZZ and using -ZZ is the
> search result.  With -ZZ, search: 3.  Without -ZZ, search: 2.  However,
> the ldap.log file shows the following error I would like to better
> understand:
>
> Aug 22 17:23:40 denali slapd[30178]: connection_read(12): unable to get
> TLS client DN error=49 id=3536

That's an interesting error, which I've never seen before. Can you print out the text information of the cert the ldap server is using?

> It seems to be logged once per ldapsearch -ZZ -x but not during the
> ldapsearch -x.

Well, just plain -x doesn't touch TLS at all, so I'm not surprised that it doesn't show a TLS only error. ;)

In any case, given that the errors you are seeing between using ldapsearch and ssh are different, it suggests that the process initiating binds to the LDAP Server when ssh is used is not correctly configured to use TLS. I'd note that this may be in the pam_ldap and nss_ldap configuration pieces, which I don't see in this email thread.

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
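Two checks that follow from the diagnosis above, added here as example code that is not part of the thread: a scan of the slapd log for the "unable to get TLS client DN" line by connection id, and a check of the nss_ldap/pam_ldap ldap.conf for the StartTLS and CA settings that make the PAM/NSS side use TLS. It assumes the PADL-style ldap.conf key names (`ssl start_tls`, `tls_cacertfile`, `tls_checkpeer`); the log lines, host name, file names and paths are constructed samples.

```shell
#!/bin/sh
# Added example, not from the thread: ldapsearch -ZZ works but logins via ssh
# (pam_ldap/nss_ldap) do not.  Log lines, file names and configs are constructed.

# Count slapd "unable to get TLS client DN" lines and print the connection ids
# they were logged for.  Output: "<count> <id> <id> ...".  Always exits 0.
tls_dn_errors() {
    awk '/unable to get TLS client DN/ {
             n++
             if (match($0, /id=[0-9]+/)) ids = ids " " substr($0, RSTART + 3, RLENGTH - 3)
         }
         END { print (n + 0) ids }' "$1"
}

# Check a PADL nss_ldap/pam_ldap ldap.conf for the settings that make the PAM/NSS
# side use StartTLS and verify the server.  Returns 0 if both present, else 1.
check_pam_ldap_tls() {
    awk '/^[[:space:]]*#/ { next }
         tolower($1) == "ssl" && tolower($2) == "start_tls" { starttls = 1 }
         tolower($1) == "tls_cacertfile" && $2 != ""        { cafile = 1 }
         END {
             if (!starttls) print "missing: ssl start_tls"
             if (!cafile)   print "missing: tls_cacertfile"
             exit !(starttls && cafile)
         }' "$1"
}

# Constructed samples so both checks run offline.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/slapd.log" <<'EOF'
Aug 22 17:23:40 denali slapd[30178]: conn=3536 op=0 STARTTLS
Aug 22 17:23:40 denali slapd[30178]: connection_read(12): unable to get TLS client DN error=49 id=3536
Aug 22 17:24:05 denali slapd[30178]: connection_read(14): unable to get TLS client DN error=49 id=3541
EOF
cat > "$SAMPLE_DIR/ldap.conf.plain" <<'EOF'
uri ldap://ldap.example.com/
base dc=example,dc=com
# ssl start_tls   (commented out, so PAM/NSS binds go over plain LDAP)
EOF
cat > "$SAMPLE_DIR/ldap.conf.tls" <<'EOF'
uri ldap://ldap.example.com/
base dc=example,dc=com
ssl start_tls
tls_cacertfile /etc/ssl/certs/ldap-ca.pem
tls_checkpeer yes
EOF

tls_dn_errors "$SAMPLE_DIR/slapd.log"           # prints "2 3536 3541"
check_pam_ldap_tls "$SAMPLE_DIR/ldap.conf.plain" || echo "plain: PAM/NSS binds are not using TLS"
check_pam_ldap_tls "$SAMPLE_DIR/ldap.conf.tls"  && echo "tls: ok"
```

Run the log scan against the real slapd log and the config check against the ldap.conf that pam_ldap and nss_ldap actually read on the ssh host, since that is the configuration the thread never shows.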
