LDAPS

How do I turn on debugging for Net::LDAP? Also, I'm not familiar with the ldapsearch syntax, but:

[r...@mx1 ~]# ldapsearch -h domain.tld -Z
ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[r...@mx1 ~]#

This "error" also displays on hosts where Net::LDAPS runs fine, so I guess it's not related to the problem. BTW, I'm using a self-signed CA, if this is relevant.

----- Original Message ----- From: Miller, Don C.
To: Helmut Schneider ; perl-ldap@perl.org
Sent: Friday, March 20, 2009 4:57 PM
Subject: RE: LDAPS


Helmut, try connecting with debugging on and see what is happening. Also, try using ldapsearch in verbose mode. It might give you good information about the connection as well.

Don



From: Helmut Schneider [mailto:jumpe...@gmx.de]
Sent: Fri 3/20/2009 8:30 AM
To: perl-ldap@perl.org
Subject: LDAPS


Hi,

I ran Net::LDAP on 5 Servers, 2*OpenBSD, 3*FreeBSD. I'm using it to connect
to an MS Active Directory. Everything was fine, also connecting via LDAPS.

Now I switched the 2 OpenBSD computers to FreeBSD and I'm not able to
connect via LDAPS anymore. LDAP is fine.

The code is:

our $scheme = "ldap";
our $dnsDomain = "domain.tld";
$_conn = Net::LDAP->new($dnsDomain, scheme=>$scheme) or die "Couldn't
connect to '$scheme://$dnsDomain' for domain '$_dnsDomain' using searchbase
'$_searchbase'. $!!\n";
$_conn->bind($ldapBindUser, password=>$ldapBindPass) or die "Couldn't bind
to '$scheme://$dnsDomain' for domain '$_dnsDomain' using searchbase
'$_searchbase'. $!!\n";

If I switch to

our $scheme = "ldaps";

I get the error:

Couldn't connect to 'ldaps://domain.tld' for domain '' using searchbase
'CN=Partitions,CN=Configuration,DC=domain,DC=tld'. Invalid argument!

According to tcpdump there are no packets transmitted at TCP 636.

But again, the 3 other FreeBSD machines do fine using LDAPS. What did I
miss?

Thanks, Helmut
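
An added example, not part of the original thread: one way to turn on Net::LDAP protocol debugging and get the real reason an LDAPS connect fails. Net::LDAP->new reports its failure in $@ rather than $!, and bind returns a message object that has to be checked with ->code. The CA file path and the LDAP_BIND_DN / LDAP_BIND_PW environment variable names are placeholders assumed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use IO::Socket::SSL;    # exports $SSL_ERROR, the TLS-level failure reason

# Assumed values: host taken from the thread, everything else is a placeholder.
my $host    = 'domain.tld';
my $ca_file = '/path/to/self-signed-ca.pem';    # PEM copy of the self-signed CA
my $bind_dn = $ENV{LDAP_BIND_DN} // die "set LDAP_BIND_DN\n";
my $bind_pw = $ENV{LDAP_BIND_PW} // die "set LDAP_BIND_PW\n";

my $ldap = Net::LDAP->new(
    $host,
    scheme  => 'ldaps',
    port    => 636,
    timeout => 10,
    # debug bits: 1/2 = hex dump of outgoing/incoming PDUs,
    #             4/8 = decoded ASN.1 of outgoing/incoming PDUs.
    debug   => 12,
    # Verify the server certificate against the CA instead of skipping
    # verification, so a wrong or missing CA shows up as an explicit error.
    verify  => 'require',
    cafile  => $ca_file,
);

unless ($ldap) {
    # new() returns undef on failure and puts the reason in $@.
    # $! is unrelated here and can hold a stale errno from an earlier call.
    my $tls = $SSL_ERROR // '';
    die "connect to ldaps://$host failed: $@"
      . (length $tls ? " (TLS: $tls)" : '') . "\n";
}

# bind() always returns a Net::LDAP::Message object, which is true even
# on failure, so "bind(...) or die" never fires. Check the result code.
my $mesg = $ldap->bind($bind_dn, password => $bind_pw);
if ($mesg->code) {
    die sprintf "bind failed: %s (%s)\n", $mesg->error, $mesg->error_name;
}

print "bound to ldaps://$host as $bind_dn\n";
$ldap->unbind;
```

The debug option only prints LDAP PDUs once a connection exists, so a failure before any packet reaches port 636 is reported through $@ and $SSL_ERROR alone.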
