Dear list, I have finally solved the problem. I have opened the ldaps like
/usr/lib/openldap/slapd -h ldaps://0.0.0.0:636/ -d 1
and then checked with
openssl s_client -connect localhost:636 -showcerts
and it shows the certificate,
but in debug mode there is still an error like
connection_read(12): unable to get TLS client DN, error=49 id=0
So what may be the problem here? Moreover, the LDAP clients can’t bind
with the LDAP even after defining the port 636 in the client.
Hence I can’t authenticate egw users as my authentication is based on LDAP.
thanks

JOYDEEP wrote:
Dear list,
I have been fighting with TLS authentication for LDAP for the last two
days, and after getting no success I’m writing this mail in the hope to
get some help. I’m using openldap and I have already done some R&D and
here I’m giving the details of the work so far.
1> I have generated a self-signed certificate with the command
# openssl req -newkey rsa:1024 -x509 -nodes -out server.pem -keyout server.pem -days 365
2> I have modified the /etc/openldap/slapd.conf like
TLSCertificateFile /etc/ssl/server.pem
TLSCertificateKeyFile /etc/ssl/server.pem
TLSCACertificateFile /etc/ssl/server.pem
3> Now I started slapd in debug mode like "slapd -d 255"
I can see that LDAP has opened a port at 389 (using the nmap
command in Linux)
4> The command
ldapsearch -h localhost -p 389 -x -b "" -s base -LLL -ZZ supportedSASLMechanisms
shows
dn:
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5
5> Now "openssl s_client -connect localhost:389 -showcerts -state -CAfile /etc/ssl/joydeep/joy/server.pem" shows
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
24910:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
6> The message from "slapd -d 255" is
ber_get_next on fd 14 failed errno=34 (Numerical result out of range)
I have read some tutorials from the net and configured accordingly but
I still have the same SSL handshake failure error.
I really need some help to solve this. Could anyone kindly show me the
way?
thanks.
eGroupWare-users mailing list
eGroupWare-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/egroupware-users
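
Added example, not part of the original thread: a sketch of what each kind of listener expects as the first bytes from a client, assuming the port 389 listener in steps 3 to 6 is plain ldap:// (TLS only after a StartTLS extended request, which is what ldapsearch -ZZ sends) and the port 636 listener is ldaps:// (TLS from the first byte). Under that assumption, a bare TLS or SSLv2-style hello sent to 389 is not a BER-encoded LDAPMessage, which is consistent with the ber_get_next failure quoted above. The sample hello bytes are constructed, and the function names are hypothetical.

```python
# Added illustration; runs offline on constructed byte strings.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

# Constructed samples: the first bytes of a TLS record and of an SSLv2-style hello.
SAMPLE_TLS_HELLO = bytes.fromhex("160301002e01")
SAMPLE_SSLV2_HELLO = bytes.fromhex("802e010301")

def ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value

def starttls_request(message_id=1):
    """LDAPMessage { messageID, [APPLICATION 23] ExtendedRequest { [0] requestName } }.
    message_id must be 0..127 in this simplified encoder."""
    ext_req = tlv(0x77, tlv(0x80, STARTTLS_OID))
    return tlv(0x30, tlv(0x02, bytes([message_id])) + ext_req)

def classify_first_bytes(data):
    """Guess what a client sent first on an LDAP listener."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-record"          # TLS handshake record
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"  # 2-byte SSLv2 header, message type 1
    if data[:1] == b"\x30":
        return "ldap-message"        # BER SEQUENCE, i.e. an LDAP PDU
    return "unknown"

def accepted_on(listener, data):
    """listener: 'ldap' (389, StartTLS upgrade) or 'ldaps' (636, TLS from byte 0).
    SSLv2-style hellos are accepted only by older TLS stacks; counted here for ldaps."""
    kind = classify_first_bytes(data)
    if listener == "ldap":
        return kind == "ldap-message"
    return kind in ("tls-record", "sslv2-client-hello")

if __name__ == "__main__":
    print(starttls_request().hex())
    for name, sample in [("StartTLS request", starttls_request()),
                         ("TLS hello", SAMPLE_TLS_HELLO),
                         ("SSLv2-style hello", SAMPLE_SSLV2_HELLO)]:
        print(name, classify_first_bytes(sample),
              "389:", accepted_on("ldap", sample), "636:", accepted_on("ldaps", sample))
```

For a live check of a StartTLS listener, OpenSSL 1.1.1 and later accept `-starttls ldap` on `openssl s_client`, which sends the extended request before the TLS handshake.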