On Sat, Nov 22, 2014 at 01:18:18PM +0100, Ferenc Wagner wrote:
> Date: Sat, 22 Nov 2014 13:18:18 +0100
> From: Ferenc Wagner <wf...@niif.hu>
> To: wailok tam <wailok...@yahoo.com>
> Cc: openldap-technical@openldap.org
> Subject: Re: Can't contact LDAP server (-1) additional info:
> error:14077410:SSL routines :SSL23_GET_SERVER_HELLO:sslv3 alert handshake
> failure
> Sender: openldap-technical <openldap-technical-boun...@openldap.org>
>
> wailok tam <wailok...@yahoo.com> writes:
>
> > ldapmodify -x -W -D 'cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp'
> > Enter LDAP Password:
> > ldap_bind: Can't contact LDAP server (-1) additional info:
> > error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
> > failure
>
> Maybe you want to use SSLv3, and the server does not support it?
I suspect that the ldap.conf file has a URL of the form ldaps://<server>
but the config fragment we saw did not have any TLS config so ldaps: will
not work.
Quick test:
ldapmodify -x -h ldap://<server>/ -W -D
'cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp'
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------
