Bug#381788: [Pkg-openldap-devel] Re: Bug#381788: slapd: TLS connections fail when running as non-root
Berg, Michael
michaeljberg at gmail.com
Wed Aug 9 04:28:31 UTC 2006
> Does it work if you use "-h localhost" (similar to what you were doing
> with the openssl command)?
>
> Generally, you must provide the fully qualified domain name to the "-h"
> parameter for SSL/TLS to work.
>
> For example, "-h ldap" doesn't work for me, but "-h ldap.stanford.edu"
> does.
My FQDN is "server.misumasu.dyndns.org", which also has a CNAME of
"ldap.misumasu.dyndns.org" (this CNAME is what the SSL cert is issued to).
$ ldapsearch -h ldap.misumasu.dyndns.org -x -ZZ
$ ldapsearch -h ldap -x -ZZ
$ ldapsearch -h server.misumasu.dyndns.org -x -ZZ
$ ldapsearch -h server -x -ZZ
$ ldapsearch -h localhost.localdomain -x -ZZ
$ ldapsearch -h localhost -x -ZZ
$ ldapsearch -h 127.0.0.1 -x -ZZ
all produce the exact same error message when slapd is running as non-root.
And my /etc/ldap/ldap.conf file contains the line
"URI ldap://ldap.misumasu.dyndns.org"
so the default when running "ldapsearch -x -ZZ"
is equivalent to running
"ldapsearch -H 'ldap://ldap.misumasu.dyndns.org' -x -ZZ"
Just to be thorough,
$ openssl s_client -connect ldap.misumasu.dyndns.org:636
$ openssl s_client -connect ldap:636
$ openssl s_client -connect server.misumasu.dyndns.org:636
$ openssl s_client -connect server:636
also all fail with the same error messages when slapd is running as non-root.
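The quoted reply's rule (the name given to -h must match the server certificate) is the hostname-verification step of the StartTLS handshake. The following is an added illustration, not code from the bug thread or from OpenLDAP: it applies an RFC 6125-style match to a constructed certificate dict in the shape returned by Python's ssl getpeercert(), issued to the CNAME as in the report, and shows which of the -h values tried above would pass that check. The certificate contents and helper names are assumptions.

```python
import ipaddress

# Constructed stand-in for the server certificate: issued to the CNAME, as in the thread.
CONSTRUCTED_CERT = {
    "subject": ((("commonName", "ldap.misumasu.dyndns.org"),),),
    "subjectAltName": (("DNS", "ldap.misumasu.dyndns.org"),),
}

def _dns_match(pattern, hostname):
    """RFC 6125-style match: case-insensitive, one wildcard in the leftmost label only."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) != len(h_labels) or p_labels[0] != "*":
        return False
    return p_labels[1:] == h_labels[1:]

def cert_matches_hostname(cert, hostname):
    """True if hostname is acceptable for cert (dNSName SANs first, then legacy CN)."""
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    sans = cert.get("subjectAltName", ())
    dns_names = [v for k, v in sans if k == "DNS"]
    ip_names = [v for k, v in sans if k == "IP Address"]
    if ip is not None:
        # A bare IP (e.g. -h 127.0.0.1) only matches an iPAddress SAN, never a CN.
        return any(ipaddress.ip_address(v) == ip for v in ip_names)
    if dns_names:
        return any(_dns_match(p, hostname) for p in dns_names)
    # Legacy fallback: no dNSName SANs present, so compare against the subject CN.
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _dns_match(value, hostname):
                return True
    return False

def check_names(cert, names):
    """Map each -h candidate to whether it would pass certificate name verification."""
    return {n: cert_matches_hostname(cert, n) for n in names}

if __name__ == "__main__":
    candidates = ["ldap.misumasu.dyndns.org", "ldap", "server.misumasu.dyndns.org",
                  "server", "localhost", "127.0.0.1"]
    for name, ok in check_names(CONSTRUCTED_CERT, candidates).items():
        print(f"{name:28s} {'match' if ok else 'NO MATCH'}")
```

Only the CNAME the certificate was issued to passes; the short names, localhost and the bare IP would be rejected at this step even once the non-root failure is resolved.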