BTW, my dynamic language client is doing pretty much the same as this C example: https://docs.microsoft.com/en-us/previous-versions/windows/desktop/ldap/example-code-for-establishing-a-session-over-ssl?redirectedfrom=MSDN
I compiled and run that example, and I also get the same error: >ldaptest.exe 127.0.0.1 Connecting to host "127.0.0.1" ... Setting Protocol version to 3. Checking if SSL is enabled SSL not enabled. SSL being enabled... ldap_connect failed with 0x51. >From what I understand, the 0x51 is the same as my "LDAP_SERVER_DOWN (81)" I tried changing 127.0.0.1 to localhost, 0.0.0.0 etc...they all had the same issue. thanks! On Thu, Sep 8, 2022 at 8:33 AM Mariano Martinez Peck <[email protected]> wrote: > Hi Emmanuel, > > Looks like my client is not specifying any concrete version. However, I > made sure to allow all of them (at least as a test) on the server. See > attached screenshot. > > Thanks! > > > > On Thu, Sep 8, 2022 at 5:11 AM Emmanuel Lécharny <[email protected]> > wrote: > >> Hi, >> >> which TLS version are you using ? >> >> On 2022/09/07 23:55, Mariano Martinez Peck wrote: >> > Hi everyone, >> > >> > I am using a dynamic language that via FFI it wraps the wldap32 dll. I >> am >> > using ApacheDS and I can perfectly connect to it from my client using >> > normal LDAP. However, I cannot connect to it when using LDAPS. Yes, the >> > checkbox is checked to start LDAP (on port 10636) and everything seems >> > fine. In fact, from within ApacheDS I can open a connection to LDAPS >> and it >> > works. The problem is from my client. >> > >> > What I noticed is that in the logs, the following is printed: >> > >> > [17:28:23] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - >> > Unexpected exception forcing session to close: sending disconnect >> notice to >> > client. >> > javax.net.ssl.SSLException: Improper close state: Status = OK >> > HandshakeStatus = NEED_WRAP >> > bytesConsumed = 0 bytesProduced = 7 sequenceNumber = 1 >> > at >> org.apache.mina.filter.ssl.SslHandler.closeOutbound(SslHandler.java:497) >> > at >> org.apache.mina.filter.ssl.SslFilter.initiateClosure(SslFilter.java:762) >> > at org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:693) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:776) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1600(DefaultIoFilterChain.java:49) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.filterClose(DefaultIoFilterChain.java:1155) >> > at >> > >> org.apache.mina.core.filterchain.IoFilterAdapter.filterClose(IoFilterAdapter.java:146) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:776) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1600(DefaultIoFilterChain.java:49) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.filterClose(DefaultIoFilterChain.java:1155) >> > at >> > >> org.apache.mina.filter.executor.ExecutorFilter.filterClose(ExecutorFilter.java:608) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:776) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1600(DefaultIoFilterChain.java:49) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.filterClose(DefaultIoFilterChain.java:1155) >> > at >> > >> org.apache.mina.core.filterchain.IoFilterAdapter.filterClose(IoFilterAdapter.java:146) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:776) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.fireFilterClose(DefaultIoFilterChain.java:769) >> > at >> > >> org.apache.mina.core.session.AbstractIoSession.closeNow(AbstractIoSession.java:353) >> > at >> > >> org.apache.mina.core.service.IoHandlerAdapter.inputClosed(IoHandlerAdapter.java:102) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.inputClosed(DefaultIoFilterChain.java:997) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextInputClosed(DefaultIoFilterChain.java:735) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:49) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.inputClosed(DefaultIoFilterChain.java:1119) >> > at >> > >> org.apache.mina.core.filterchain.IoFilterAdapter.inputClosed(IoFilterAdapter.java:154) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextInputClosed(DefaultIoFilterChain.java:735) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:49) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.inputClosed(DefaultIoFilterChain.java:1119) >> > at >> > >> org.apache.mina.core.filterchain.IoFilterAdapter.inputClosed(IoFilterAdapter.java:154) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextInputClosed(DefaultIoFilterChain.java:735) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:49) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.inputClosed(DefaultIoFilterChain.java:1119) >> > at >> > >> org.apache.mina.core.filterchain.IoFilterAdapter.inputClosed(IoFilterAdapter.java:154) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextInputClosed(DefaultIoFilterChain.java:735) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:49) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.inputClosed(DefaultIoFilterChain.java:1119) >> > at >> > >> org.apache.mina.core.filterchain.IoFilterAdapter.inputClosed(IoFilterAdapter.java:154) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextInputClosed(DefaultIoFilterChain.java:735) >> > at >> > >> org.apache.mina.core.filterchain.DefaultIoFilterChain.fireInputClosed(DefaultIoFilterChain.java:728) >> > at >> > >> org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:556) >> > at >> > >> org.apache.mina.core.polling.AbstractPollingIoProcessor.access$1200(AbstractPollingIoProcessor.java:68) >> > at >> > >> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1222) >> > at >> > >> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1211) >> > at >> > >> org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:683) >> > at >> > >> org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64) >> > at >> > >> java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) >> > at >> > >> java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) >> > at java.base/java.lang.Thread.run(Thread.java:829) >> > >> > >> > On my C client, I get the error "LDAP_SERVER_DOWN (81)" when calling the >> > function ldap_simple_bind_s() >> > >> > >> > Does this tell anything to anyone? >> > >> > Thanks in advance! >> > >> > >> >> -- >> *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE >> T. +33 (0)4 89 97 36 50 >> P. +33 (0)6 08 33 32 61 >> [email protected] https://www.busit.com/ >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> > > -- > Mariano Martinez Peck > Email: [email protected] > Twitter: @MartinezPeck > LinkedIn: www.linkedin.com/in/mariano-martinez-peck > <https://www.linkedin.com/in/mariano-mart%C3%ADnez-peck/> > Blog: https://marianopeck.wordpress.com/ > -- Mariano Martinez Peck Email: [email protected] Twitter: @MartinezPeck LinkedIn: www.linkedin.com/in/mariano-martinez-peck <https://www.linkedin.com/in/mariano-mart%C3%ADnez-peck/> Blog: https://marianopeck.wordpress.com/
