I set up LDAPS (yes, will be switching to ldap + StartTLS) and ran
into something odd and I'm really just looking for a bit of context.
Everything is working correctly and I'm able to authenticate clients to
the ldap server, however when I run the following ldapsearch I get an error:
jschaeffer@zipmaster07:~$ ldapsearch -LLL -v -D
cn=admin,dc=harmonywave,dc=com -W -H ldaps://baneling -b
uid=jschaeffer,ou=People,dc=harmonywave,dc=com
ldap_initialize( ldaps://baneling:636/??base )
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
And from the debug output:
531c7c0a ber_get_next on fd 12 failed errno=0 (Success)
531c7c0a conn=1000 op=1 do_unbind
531c7c0a connection_close: conn=1000 sd=12
531c7c18 slap_listener_activate(6):
531c7c18 >>> slap_listener(ldaps:///)
531c7c18 connection_get(12): got connid=1001
531c7c18 connection_read(12): checking for input on id=1001
531c7c18 connection_get(12): got connid=1001
531c7c18 connection_read(12): checking for input on id=1001
531c7c18 connection_read(12): unable to get TLS client DN, error=49 id=1001
531c7c18 connection_get(12): got connid=1001
531c7c18 connection_read(12): checking for input on id=1001
ber_get_next
531c7c18 ber_get_next on fd 12 failed errno=0 (Success)
531c7c18 connection_close: conn=1001 sd=12
If I use the FQDN for the URI then everything works fine and I get
results. I know DNS is working correctly, I can ping the server name
and it returns the FQDN and reverse DNS resolution also works. The
hostname and hostname -f commands work correctly on both client and server.
Was it never intended for ldap commands to resolve server names to their
FQDN? I'm also assuming that ldap + StartTLS would show the same behavior.
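The symptom above (short name fails, FQDN works) is what TLS server-name verification produces, assuming the client is rejecting a certificate issued for baneling.harmonywave.com because the URI carries only "baneling": the check compares the literal host from the URI against the certificate's names and never applies the resolver's search domain. The following is an added example, not code from the original post or from OpenLDAP: a minimal RFC 6125-style matcher with a constructed certificate name list, showing which URI hosts would verify.

```python
from typing import Iterable, List, Optional


def dns_name_matches(cert_name: str, host: str) -> bool:
    """True if one certificate dNSName (or CN) matches the host taken from the URI.

    Matching is label-by-label and case-insensitive. No DNS search suffix is
    applied, so a single-label host never matches a multi-label certificate name.
    """
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if "*" in cert_name:
        # RFC 6125 6.4.3: a wildcard must be the entire left-most label and must
        # not cover a public suffix ("*.com"), so at least three labels are required.
        if cert_labels[0] != "*" or len(cert_labels) < 3:
            return False
        return cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def host_accepted(uri_host: str, san_dns: Iterable[str],
                  subject_cn: Optional[str] = None) -> bool:
    """Decide whether a TLS client would accept this certificate for uri_host."""
    names = list(san_dns)
    # The subject CN is only a fallback when the certificate carries no dNSName SAN.
    if not names and subject_cn:
        names = [subject_cn]
    return any(dns_name_matches(n, uri_host) for n in names)


def verifying_hosts(candidates: Iterable[str], san_dns: Iterable[str],
                    subject_cn: Optional[str] = None) -> List[str]:
    """Return the candidate URI hosts that would pass hostname verification."""
    san = list(san_dns)
    return [h for h in candidates if host_accepted(h, san, subject_cn)]


# Constructed sample: a certificate issued for the server's FQDN only.
SAMPLE_SAN = ["baneling.harmonywave.com"]

if __name__ == "__main__":
    for h in ("baneling", "baneling.harmonywave.com"):
        print(f"ldaps://{h}: {'verifies' if host_accepted(h, SAMPLE_SAN) else 'REJECTED'}")
```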