Hello,

On an Ubuntu Linux 8.04 machine, I can't query my OpenBSD 4.9 ldapd(8).
It works from the local OpenBSD and from a remote NetBSD server.
All machines have the CA file installed in the OpenSSL directory
and the ldap.conf file configured to use that particular CA file.

Here's what I get on the Linux box:
$ ldapsearch -d 1 -x -H ldaps://ldap.tumfatig.net \
    -D "cn=email,dc=tumfatig,dc=net" -W \
    -b "ou=users,dc=tumfatig,dc=net" mail=j...@carnat.net
ldap_url_parse_ext(ldaps://ldap.tumfatig.net)
ldap_create
ldap_url_parse_ext(ldaps://ldap.tumfatig.net:636/??base)
Enter LDAP Password: 
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.tumfatig.net:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 10.0.0.50:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
TLS: can't connect: The Diffie Hellman prime sent by the server is not acceptable (not long enough)..
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Not sure if that matters, but the OpenBSD's openssl.cnf (which was used to
generate and sign the CA and certificate files) contains:
default_bits = 4096

Is there a way to tell ldapd(8) to use a bigger DH value?

TIA,
  Jo
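An added example, not part of the original post or of ldapd(8) itself: the `default_bits` setting in openssl.cnf only controls the RSA key size that `openssl req`/`genrsa` generate; the ephemeral Diffie-Hellman group that GnuTLS is complaining about is chosen separately by the server at handshake time, so the first thing to do is measure what the server actually sends. The script below wraps `openssl s_client` (the `Server Temp Key:` line is printed by OpenSSL 1.0.2 and later) and parses the negotiated DH group size. The host and port are placeholders taken from the post, the 2048-bit minimum is this example's own choice rather than the threshold GnuTLS applied on Ubuntu 8.04, and the sample output lines are constructed, not captured from the poster's server.

```shell
#!/bin/sh
# Added example (not from the original post): measure the ephemeral DH group
# a TLS server negotiates instead of inferring it from openssl.cnf.
# HOST/PORT are placeholders; the test below never contacts a network host.

# Handshake with the server restricted to DHE cipher suites and print the
# "Server Temp Key" line that OpenSSL >= 1.0.2 s_client emits. If the
# server picks a non-DHE suite (RSA key exchange, ECDHE, or a TLS 1.3
# group) no "DH" line is produced and the result is "no DH group observed".
probe_dh() {
    host=$1
    port=${2:-636}
    openssl s_client -connect "$host:$port" -cipher 'DHE' </dev/null 2>/dev/null \
        | grep 'Server Temp Key'
}

# Extract the DH group size in bits from s_client output on stdin.
# Prints nothing when no finite-field DH group was negotiated.
dh_bits() {
    sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits$/\1/p'
}

# Compare the observed group against a minimum size.
# Exit status: 0 = acceptable, 1 = too short, 2 = no DH group observed.
check_dh() {
    min=$1
    bits=$(dh_bits)
    [ -z "$bits" ] && return 2
    [ "$bits" -ge "$min" ]
}

# Constructed sample output lines (assumed, not captured from the post's server).
SAMPLE_SHORT='Server Temp Key: DH, 1024 bits'
SAMPLE_OK='Server Temp Key: DH, 2048 bits'
SAMPLE_ECDH='Server Temp Key: ECDH, P-256, 256 bits'

# Usage: sh dhcheck.sh ldap.tumfatig.net 636
if [ $# -gt 0 ]; then
    probe_dh "$1" "${2:-636}" | check_dh 2048
    case $? in
        0) echo "DH group is at least 2048 bits" ;;
        1) echo "DH group is shorter than 2048 bits" ;;
        2) echo "no DHE suite negotiated (or the handshake failed)" ;;
    esac
fi
```

If the probe reports a short group, the fix has to be made on the server side (the DH group is not something a client-side `ldap.conf` or CA setting can change); if it reports no DH group at all, the server is not offering DHE suites to this client and the GnuTLS error has another cause.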
