-------- Original Message --------
Subject:        ldap tls/ssl connection
Date:   Fri, 11 Mar 2011 15:45:09 +0100
From:   Sergio Marino <sermar...@yahoo.it>
To:     openca-users-ow...@lists.sourceforge.net



Hi all,
I've installed OpenCA and now I'm trying to enable LDAP support on it.
The LDAP server supports only secure connections over TLS/SSL, and when I
try to add a certificate in LDAP from the web interface of OpenCA I get
the following error:

---------------------------------------------------------------------------------------------------------------------------

Certificate 0 FAILED (error 81: LDAP-bind failed: Can't contact LDAP server)

---------------------------------------------------------------------------------------------------------------------------

The log file of LDAP server reports instead:

---------------------------------------------------------------------------------------------------------------------------
TLS trace: SSL_accept:error in SSLv2/v3 read client hello A
TLS: can't accept: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol.
connection_read(13): TLS accept failure error=-1 id=1002, closing
connection_closing: readying conn=1002 sd=13 for close
connection_close: conn=1002 sd=13
daemon: activity on 1 descriptor
daemon: activity on:
daemon: removing 13
conn=1002 fd=13 closed (TLS negotiation failure)
daemon: epoll: listen=6 active_threads=0 tvp=zero
daemon: epoll: listen=7 active_threads=0 tvp=zero
Certificate 0 FAILED (error 81: LDAP-bind failed: Can't contact LDAP server)
---------------------------------------------------------------------------------------------------------------------------

I tried to set up the parameters in slapd.conf correctly, but without
success.
Here's the security part of the file:

---------------------------------------------------------------------------------------------------------------------------

TLSCipherSuite         HIGH:MEDIUM
TLSCertificateFile      /etc/openldap/ssl/server.pem
TLSCertificateKeyFile /etc/openldap/ssl/server.key
TLSCACertificateFile  /etc/openldap/ssl/cacert.pem
TLSVerifyClient         allow

---------------------------------------------------------------------------------------------------------------------------

Any help is highly appreciated.
Thanks in advance.

Regards.
Sergio.
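
The slapd log above reports `SSL23_GET_CLIENT_HELLO:unknown protocol`, which OpenSSL raises when the first bytes arriving on a TLS listener are not an SSL/TLS ClientHello. The Python below is an added example, not part of the original message or of OpenCA/OpenLDAP code; its function names and sample byte strings are constructed for illustration. It classifies the first bytes of a captured connection so a cleartext LDAP bind or StartTLS request can be told apart from a real TLS handshake.

```python
# Added example: classify the first bytes a client sends to a TLS-only
# LDAP listener (e.g. ldaps://). All names and samples here are constructed.

# protocolOp tags from RFC 4511: [APPLICATION 0] and [APPLICATION 23].
LDAP_OPS = {0x60: "ldap-bind-cleartext", 0x77: "ldap-extended-cleartext"}

def _ldap_protocol_op(data: bytes):
    """Return the protocolOp tag of a cleartext LDAPMessage, else None."""
    try:
        if data[0] != 0x30:                      # BER SEQUENCE (LDAPMessage)
            return None
        # Skip the length octets (short form, or long form 0x8N + N bytes).
        pos = 2 if data[1] < 0x80 else 2 + (data[1] & 0x7F)
        if data[pos] != 0x02:                    # messageID INTEGER
            return None
        return data[pos + 2 + data[pos + 1]]     # tag after the messageID
    except IndexError:
        return None

def classify_first_bytes(data: bytes) -> str:
    # SSLv3/TLS record: content type 0x16 (handshake), major version 0x03.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"
    # SSLv2-compatible hello: high bit set in length, message type 0x01.
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-hello"
    op = _ldap_protocol_op(data)
    if op is not None:
        return LDAP_OPS.get(op, "ldap-other-cleartext")
    return "unknown"

def fails_tls_accept(data: bytes) -> bool:
    """True when a TLS-only listener would not see a ClientHello."""
    return classify_first_bytes(data) not in ("tls-handshake", "sslv2-hello")

# Constructed samples (not captured from the poster's systems).
TLS_HELLO = bytes.fromhex("160301002f0100002b0301")
LDAP_BIND = bytes.fromhex("300c020101600702010304008000")  # anonymous bind
LDAP_STARTTLS = (bytes.fromhex("301d0201017718" "8016")
                 + b"1.3.6.1.4.1.1466.20037")              # StartTLS OID

if __name__ == "__main__":
    for name, sample in [("tls", TLS_HELLO), ("bind", LDAP_BIND),
                         ("starttls", LDAP_STARTTLS)]:
        print(name, classify_first_bytes(sample), fails_tls_accept(sample))
```

An `ldap-extended-cleartext` result means the client is attempting StartTLS, which belongs on the plain `ldap://` listener, while `ldap-bind-cleartext` means the client never negotiated TLS at all.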
