[Pkg-openldap-devel] Bug#861838: ldap-utils: ldapsearch and ldapwhoami cannot connect to ldaps server
root
csdecc at u.washington.edu
Thu May 4 15:42:40 UTC 2017
Package: ldap-utils
Version: 2.4.40+dfsg-1+deb8u2
Severity: normal
Dear Maintainer,
On a fresh install of Debian 8, I cannot get ldapsearch or ldapwhoami to connect to an LDAPS
server. There appears to be some TLS happening, and a connections is made,
but then it fails without any useful error messages on debug level 1.
contents of /etc/ldap/ldap.conf:
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
# MattW 04/19/2017 - Added the following
TLS_REQCERT allow
SSL start_tls
root at ldi-deb8-test:~/UW-LDI# !ldapsearch
ldapsearch -d1 -Z -H ldap://ldi.s.uw.edu -W -D cn=unitAdmin,ou=auth,ou=csde,dc=ldi,dc=uw,dc=edu -LLL -s base -b cn=unitAdmin,ou=auth,ou=csde,dc=ldi,dc=uw,dc=edu
ldap_url_parse_ext(ldap://ldi.s.uw.edu)
ldap_create
ldap_url_parse_ext(ldap://ldi.s.uw.edu:389/??base)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldi.s.uw.edu:389
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 69.91.245.42:389
ldap_pvt_connect: fd: 4 tm: -1 async: 0
attempting to connect:
connect success
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 31 bytes to sd 4
ldap_result ld 0x7f9918572860 msgid 1
wait4msg ld 0x7f9918572860 msgid 1 (infinite timeout)
wait4msg continue ld 0x7f9918572860 msgid 1 all 1
** ld 0x7f9918572860 Connections:
* host: ldi.s.uw.edu port: 389 (default)
refcnt: 2 status: Connected
last used: Thu May 4 08:08:31 2017
** ld 0x7f9918572860 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x7f9918572860 request count 1 (abandoned 0)
** ld 0x7f9918572860 Response Queue:
Empty
ld 0x7f9918572860 response count 0
ldap_chkResponseList ld 0x7f9918572860 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f9918572860 NULL
ldap_int_select
read1msg: ld 0x7f9918572860 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 12 contents:
read1msg: ld 0x7f9918572860 msgid 1 message type extended-result
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x7f9918572860 0 new referrals
read1msg: mark request completed, ld 0x7f9918572860 msgid 1
request done: ld 0x7f9918572860 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ber_scanf fmt ({eAA) ber:
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
Enter LDAP Password:
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 74 bytes to sd 4
ldap_result ld 0x7f9918572860 msgid 2
wait4msg ld 0x7f9918572860 msgid 2 (infinite timeout)
wait4msg continue ld 0x7f9918572860 msgid 2 all 1
** ld 0x7f9918572860 Connections:
* host: ldi.s.uw.edu port: 389 (default)
refcnt: 2 status: Connected
last used: Thu May 4 08:08:38 2017
** ld 0x7f9918572860 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x7f9918572860 request count 1 (abandoned 0)
** ld 0x7f9918572860 Response Queue:
Empty
ld 0x7f9918572860 response count 0
ldap_chkResponseList ld 0x7f9918572860 msgid 2 all 1
ldap_chkResponseList returns ld 0x7f9918572860 NULL
ldap_int_select
read1msg: ld 0x7f9918572860 msgid 2 all 1
ber_get_next
ldap_err2string
ldap_result: Can't contact LDAP server (-1)
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 1 1
ldap_free_connection: actually freed
root at ldi-deb8-test:~/UW-LDI#
root at ldi-deb8-test:~/UW-LDI# ldapwhoami -d1 -H 'ldaps://ldi.s.uw.edu' -w 'passwerd' -D cn=unitAdmin,ou=auth,ou=csde,ou=ldi,ou=uw,ou=edu
ldap_url_parse_ext(ldaps://ldi.s.uw.edu)
ldap_create
ldap_url_parse_ext(ldaps://ldi.s.uw.edu:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldi.s.uw.edu:636
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 128.208.178.146:636
ldap_pvt_connect: fd: 4 tm: -1 async: 0
attempting to connect:
connect success
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({i) ber:
ber_flush2: 74 bytes to sd 4
ldap_result ld 0x7f80d936b820 msgid 1
wait4msg ld 0x7f80d936b820 msgid 1 (infinite timeout)
wait4msg continue ld 0x7f80d936b820 msgid 1 all 1
** ld 0x7f80d936b820 Connections:
* host: ldi.s.uw.edu port: 636 (default)
refcnt: 2 status: Connected
last used: Thu May 4 08:35:31 2017
** ld 0x7f80d936b820 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x7f80d936b820 request count 1 (abandoned 0)
** ld 0x7f80d936b820 Response Queue:
Empty
ld 0x7f80d936b820 response count 0
ldap_chkResponseList ld 0x7f80d936b820 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f80d936b820 NULL
ldap_int_select
read1msg: ld 0x7f80d936b820 msgid 1 all 1
ber_get_next
ldap_err2string
ldap_result: Can't contact LDAP server (-1)
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 1 1
ldap_free_connection: actually freed
root at ldi-deb8-test:~/UW-LDI#
The server negotatates SSL/TLS just fine as evidenced here:
root at ldi-deb8-test:~/UW-LDI#
root at ldi-deb8-test:~/UW-LDI# openssl s_client -showcerts -connect ldi1.s.uw.edu:636
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
verify return:1
depth=1 C = US, ST = MI, L = Ann Arbor, O = Internet2, OU = InCommon, CN = InCommon RSA Server CA
verify return:1
depth=0 C = US, postalCode = 98195, ST = WA, L = Seattle, street = 4545 15th Ave NE, O = University of Washington, OU = UW-IT, CN = ldi.s.uw.edu
verify return:1
---
Certificate chain
0 s:/C=US/postalCode=98195/ST=WA/L=Seattle/street=4545 15th Ave NE/O=University of Washington/OU=UW-IT/CN=ldi.s.uw.edu
i:/C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgIRAJNPgvItbcxkD86hV5ehNZAwDQYJKoZIhvcNAQELBQAw
djELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk1JMRIwEAYDVQQHEwlBbm4gQXJib3Ix
EjAQBgNVBAoTCUludGVybmV0MjERMA8GA1UECxMISW5Db21tb24xHzAdBgNVBAMT
FkluQ29tbW9uIFJTQSBTZXJ2ZXIgQ0EwHhcNMTcwNDExMDAwMDAwWhcNMjAwNDEw
MjM1OTU5WjCBoTELMAkGA1UEBhMCVVMxDjAMBgNVBBETBTk4MTk1MQswCQYDVQQI
EwJXQTEQMA4GA1UEBxMHU2VhdHRsZTEZMBcGA1UECRMQNDU0NSAxNXRoIEF2ZSBO
RTEhMB8GA1UEChMYVW5pdmVyc2l0eSBvZiBXYXNoaW5ndG9uMQ4wDAYDVQQLEwVV
Vy1JVDEVMBMGA1UEAxMMbGRpLnMudXcuZWR1MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAwWduvzE0BVz9j2oDDBlN7+NPQPNN8CWwqvwposDbjdU9U/jo
gNQYwFtdo4vkY1dJxrU7x5SbIZ+Nr2ilkj1cQw/16CANzA8JEPUDTCcrIYS7SF54
S0rxXJ5b9wnBU+rrGweULcbfM12v1rImWce+7WXsHm8YHkEI1ALv/FtTMgCFvzzv
IO2rcaMLq2a1Rfhb2gRy0PZSXOHbA2LXz5VSNnO2Ta5N6WXuD0b37arOqqn4mj1/
K7q30T7R0FsE+RbxXVPZrAb+fY19E10befuTV3W88UISWgnEkI6F2bSRwDdDdh1H
zaHmgqtEkjjv3FALX+oSre+fQL7rb712xUxIJwIDAQABo4IB7TCCAekwHwYDVR0j
BBgwFoAUHgWjd49sluJbh0umtIascQAM5zgwHQYDVR0OBBYEFJG1GjtEudSWuxQj
fb0Xcng92Y9VMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjBnBgNVHSAEYDBeMFIGDCsGAQQBriMBBAMB
ATBCMEAGCCsGAQUFBwIBFjRodHRwczovL3d3dy5pbmNvbW1vbi5vcmcvY2VydC9y
ZXBvc2l0b3J5L2Nwc19zc2wucGRmMAgGBmeBDAECAjBEBgNVHR8EPTA7MDmgN6A1
hjNodHRwOi8vY3JsLmluY29tbW9uLXJzYS5vcmcvSW5Db21tb25SU0FTZXJ2ZXJD
QS5jcmwwdQYIKwYBBQUHAQEEaTBnMD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LnVz
ZXJ0cnVzdC5jb20vSW5Db21tb25SU0FTZXJ2ZXJDQV8yLmNydDAlBggrBgEFBQcw
AYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTBEBgNVHREEPTA7ggxsZGkucy51
dy5lZHWCDWxkaTEucy51dy5lZHWCDWxkaTIucy51dy5lZHWCDWxkaTMucy51dy5l
ZHUwDQYJKoZIhvcNAQELBQADggEBACugROqn+Jb0O6iWVJJhKx8W+3i430HiOaOs
/HCVJnKfSpu758jfT5ogvTvCmxuKNbKkdEXj1p863mX4Xv9HLDlMaWxmWvhv5YrS
DMtKiwIj1B4PKFoHknQ5kMk6x7Qaxihul7JGUdq6D+ajJ+b4dZROVTbq4dI4rdEZ
28eg/Kvusqftz7lMnIkaPCepkhhbI98v4k1Zopsgf9MkcnTZJYe2ZbcdgmEITbfZ
+QoFpIQ3415sadQm8mB+NIH2pFQv/L2/P5SucdsBHOSlZIQU8z82tuqEPBjop1oL
+GvPCTj06lFOVHJw0MNNX2KPvYmrARLEONRTTZpg4jwEZU8+A28=
-----END CERTIFICATE-----
1 s:/C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA
i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
-----BEGIN CERTIFICATE-----
MIIF+TCCA+GgAwIBAgIQJbVdRZm0XXTm3MkhAFSBcjANBgkqhkiG9w0BAQ0FADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQw
OTE5MDAwMDAwWhcNMjQwOTE4MjM1OTU5WjB2MQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCTUkxEjAQBgNVBAcTCUFubiBBcmJvcjESMBAGA1UEChMJSW50ZXJuZXQyMREw
DwYDVQQLEwhJbkNvbW1vbjEfMB0GA1UEAxMWSW5Db21tb24gUlNBIFNlcnZlciBD
QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJwb8bsvf2MYFVFRVA+e
xU5NEFj6MJsXKZDmMwysE1N8VJG06thum4ltuzM+j9INpun5uukNDBqeso7JcC7v
HgV9lestjaKpTbOc5/MZNrun8XzmCB5hJ0R6lvSoNNviQsil2zfVtefkQnI/tBPP
iwckRR6MkYNGuQmm/BijBgLsNI0yZpUn6uGX6Ns1oytW61fo8BBZ321wDGZq0GTl
qKOYMa0dYtX6kuOaQ80tNfvZnjNbRX3EhigsZhLI2w8ZMA0/6fDqSl5AB8f2IHpT
eIFken5FahZv9JNYyWL7KSd9oX8hzudPR9aKVuDjZvjs3YncJowZaDuNi+L7RyML
fzcCAwEAAaOCAW4wggFqMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bL
MB0GA1UdDgQWBBQeBaN3j2yW4luHS6a0hqxxAAznODAOBgNVHQ8BAf8EBAMCAYYw
EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgGBmeBDAECAjBQBgNVHR8ESTBHMEWgQ6BB
hj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQ2VydGlmaWNh
dGlvbkF1dGhvcml0eS5jcmwwdgYIKwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNo
dHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVNFUlRydXN0UlNBQWRkVHJ1c3RDQS5j
cnQwJQYIKwYBBQUHMAGGGWh0dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZI
hvcNAQENBQADggIBAE3VdfpMw+uUkDK0VtAs3Op7bAOXhHqVbcZf+utvwT0n2Bj9
6vp8Jp1ZDwVCEFfRiF73xp7YhPGFkOwQdG4RtUe1XpC/yVoXw4lyoYgktvn1fZZw
Kk5aGoeQVrAlXsURWguxrplfhkU+ZNnPV+uFdc3s3aBhdQk61SrJnhswQKe1s60b
x2UYV+DBF5AcO+c1RGmhhnniQdTqnnaLwSl3H7hyRb1wyQjmZEm3NV/3gJkR2FGk
Bo4CBeMsIDePUa37W0iSM0t1HY4mPZqKRMRFZ34jC+misfmpgsZZhZvCxOgd8ifn
1NZ4ejRQgJZ6bV84cjXMet/DsQmQExWA6czjdVxL3DZ7IK7b7kqCHGcH29vp/Uhi
tIe1yZ/h/6Zc3ZgxN8uVIDwoO91XWmipxjHy32OuXXVmkBa8QQwm5fhJXxWrx2xz
Jgd153xof+0POHx/NZRD4F0C8UEXyC5gRg6mScl+XsIHwoqfBs4p7tWsd8vCbUio
xhVAcQPjVIPCuKnzj75TPsC3nsN0LxfvY5dSermWhiMEZL87JXRMb3+gjnm5jcyj
2Sd+b38qxZb6IKnm20+oeKzFLMebND0skFlX/hCX1zjAb4FQjVsw48BlPA++tgI4
7fZpHbnfbI/X8ZBKVyNbXJkVBxYmeM38IITtJRbBaKjAaXuF+UeFdGrq1dk4
-----END CERTIFICATE-----
2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF
eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow
gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK
ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD
VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt
UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC
tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf
jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM
8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm
AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV
Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9
N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF
qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9
HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ
+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX
HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv
A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/
BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud
HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4
dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0
dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD
lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn
RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ
YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8
Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf
Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p
0fKtirOMxyHNwu8=
-----END CERTIFICATE-----
3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux
FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h
bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v
dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt
H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9
uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX
mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX
a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN
E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0
WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD
VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0
Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU
cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx
IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN
AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH
YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5
6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC
Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX
c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a
mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/postalCode=98195/ST=WA/L=Seattle/street=4545 15th Ave NE/O=University of Washington/OU=UW-IT/CN=ldi.s.uw.edu
issuer=/C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA
---
Acceptable client certificate CA names
/C=CN/O=WoSign CA Limited/CN=CA \xE6\xB2\x83\xE9\x80\x9A\xE6\xA0\xB9\xE8\xAF\x81\xE4\xB9\xA6
/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G3
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G3
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G2
/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 G3
/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 G3
/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 1 G3
/CN=Atos TrustedRoot 2011/O=Atos/C=DE
/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2
/C=TR/L=Ankara/O=E-Tu\xC4\x9Fra EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./OU=E-Tugra Sertifikasyon Merkezi/CN=E-Tugra Certification Authority
/O=TeliaSonera/CN=TeliaSonera Root CA v1
/C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Global Root CA
/CN=ACCVRAIZ1/OU=PKIACCV/O=ACCV/C=ES
/C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R2
/C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R1
/C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root EV CA 2
/C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 2
/C=CN/O=China Internet Network Information Center/CN=China Internet Network Information Center EV Certificates Root
/emailAddress=contacto at procert.net.ve/L=Chacao/ST=Miranda/OU=Proveedor de Certificados PROCERT/O=Sistema Nacional de Certificacion Electronica/C=VE/CN=PSCProcert
/C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 EV 2009
/C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 2009
/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Aral\xC4\xB1k 2007
/C=EE/O=AS Sertifitseerimiskeskus/CN=EE Certification Centre Root CA/emailAddress=pki at sk.ee
/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 3
/C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 Root CA
/C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 Root CA
/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2
/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
/C=GB/O=Trustis Limited/OU=Trustis FPS Root CA
/C=IT/L=Milan/O=Actalis S.p.A./03358520967/CN=Actalis Authentication Root CA
/C=GR/O=Hellenic Academic and Research Institutions Cert. Authority/CN=Hellenic Academic and Research Institutions RootCA 2011
/C=ES/O=Agencia Catalana de Certificacio (NIF Q-0801176-I)/OU=Serveis Publics de Certificacio/OU=Vegeu https://www.catcert.net/verarrel (c)03/OU=Jerarquia Entitats de Certificacio Catalanes/CN=EC-ACC
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
/C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Root Certification Authority
/C=AT/O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH/OU=A-Trust-nQual-03/CN=A-Trust-nQual-03
/C=ES/O=Generalitat Valenciana/OU=PKIGVA/CN=Root CA Generalitat Valenciana
/C=FR/O=Certinomis/OU=0002 433998903/CN=Certinomis - Autorit\xC3\xA9 Racine
/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA
/C=US/O=AffirmTrust/CN=AffirmTrust Premium ECC
/C=US/O=AffirmTrust/CN=AffirmTrust Premium
/C=US/O=AffirmTrust/CN=AffirmTrust Networking
/C=US/O=AffirmTrust/CN=AffirmTrust Commercial
/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2
/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
/C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008
/C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008
/C=ES/O=IZENPE S.A./CN=Izenpe.com
/C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
/OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
/C=TR/O=Elektronik Bilgi Guvenligi A.S./CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
/C=HU/L=Budapest/O=Microsec Ltd./CN=Microsec e-Szigno Root CA 2009/emailAddress=info at e-szigno.hu
/CN=ACEDICOM Root/OU=PKI/O=EDICOM/C=ES
/C=JP/O=Japan Certification Services, Inc./CN=SecureSign RootCA11
/C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1
/emailAddress=pki at sk.ee/C=EE/O=AS Sertifitseerimiskeskus/CN=Juur-SK
/C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig
/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G2
/C=HU/L=Budapest/O=NetLock Kft./OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification Services)/CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2007 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G4
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority
/C=US/O=GeoTrust Inc./OU=(c) 2007 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G2
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3
/C=US/O=thawte, Inc./OU=(c) 2007 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G2
/C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G3
/C=JP/O=Japanese Government/OU=ApplicationCA
/C=CN/O=CNNIC/CN=CNNIC ROOT
/C=RO/O=certSIGN/OU=certSIGN ROOT CA
/CN=EBG Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/O=EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./C=TR
/C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 CA 1
/C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 CA 1
/C=TR/L=Gebze - Kocaeli/O=T\xC3\xBCrkiye Bilimsel ve Teknolojik Ara\xC5\x9Ft\xC4\xB1rma Kurumu - T\xC3\x9CB\xC4\xB0TAK/OU=Ulusal Elektronik ve Kriptoloji Ara\xC5\x9Ft\xC4\xB1rma Enstit\xC3\xBCs\xC3\xBC - UEKAE/OU=Kamu Sertifikasyon Merkezi/CN=T\xC3\x9CB\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1 - S\xC3\xBCr\xC3\xBCm 3
/C=TW/O=Chunghwa Telecom Co., Ltd./OU=ePKI Root Certification Authority
/O=Cybertrust, Inc/CN=Cybertrust Global Root
/CN=ComSign Secured CA/O=ComSign/C=IL
/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2
/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Universal CA/CN=TC TrustCenter Universal CA I
/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 3 CA/CN=TC TrustCenter Class 3 CA II
/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 2 CA/CN=TC TrustCenter Class 2 CA II
/C=FR/O=Dhimyotis/CN=Certigna
/C=HU/L=Budapest/O=Microsec Ltd./OU=e-Szigno CA/CN=Microsec e-Szigno Root CA
/C=CH/O=WISeKey/OU=Copyright (c) 2005/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GA CA
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication EV RootCA1
/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca at sgdn.pm.gouv.fr
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority
/C=US/O=Wells Fargo WellsSecure/OU=Wells Fargo Bank NA/CN=WellsSecure Public Root Certificate Authority
/C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority
/C=US/O=SecureTrust Corporation/CN=Secure Global CA
/C=US/O=SecureTrust Corporation/CN=SecureTrust CA
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority
/C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2
/C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2
/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=ANKARA/O=(c) 2005 T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E.
/C=US/O=Digital Signature Trust/OU=DST ACES/CN=DST ACES CA X6
/O=Digital Signature Trust Co./CN=DST Root CA X3
/C=FR/O=Certplus/CN=Class 2 Primary CA
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA
/C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 1
/C=TW/O=Government Root Certification Authority
/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
/C=US/OU=www.xrampsecurity.com/O=XRamp Security Services Inc/CN=XRamp Global Certification Authority
/C=HU/ST=Hungary/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado
/C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Global Chambersign Root
/C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Chambers of Commerce Root
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN - DATACorp SGC
/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA
/C=FI/O=Sonera/CN=Sonera Class2 CA
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3
/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
/C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority
/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Trusted Certificate Services
/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Secure Certificate Services
/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
/C=PL/O=Unizeto Sp. z o.o./CN=Certum CA
/C=US/O=VISA/OU=Visa International Service Association/CN=Visa eCommerce Root
/C=US/O=America Online Inc./CN=America Online Root Certification Authority 2
/C=US/O=America Online Inc./CN=America Online Root Certification Authority 1
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
/O=RSA Security Inc/OU=RSA Security 2048 V3
/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Qualified CA Root
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Public CA Root
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
/C=US/O=Equifax Secure Inc./CN=Equifax Secure eBusiness CA-1
/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 4 Public Primary Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3
/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server at thawte.com
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Server CA/emailAddress=server-certs at thawte.com
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA
/C=US/ST=WA/O=University of Washington/OU=UW Services/CN=UW Services CA/emailAddress=help at cac.washington.edu
/C=US/ST=MI/L=Ann Arbor/O=Internet2/OU=InCommon/CN=InCommon RSA Server CA
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority
---
SSL handshake has read 24034 bytes and written 427 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 7FAD99DD7CE53D203C3D19D5674649C234D90BBC77EE5849B670F489C21D6FA0
Session-ID-ctx:
Master-Key: 42D5D8A2EAD3EB27975DC73441CB7A436635777F28F5EB0B66088E1C1A78097F8E2C0397AC3A600F1F046A9E940A6F29
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1493910266
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
^C
root at ldi-deb8-test:~/UW-LDI#
The only thing that looks funny is on debug level 2, I see a mismatch between "Want" and "Got" for tls_read.....
root at ldi-deb8-test:~/UW-LDI# ldapwhoami -d2 -H 'ldaps://ldi.s.uw.edu' -w 'passwerd' -D cn=unitAdmin,ou=auth,ou=csde,ou=ldi,ou=uw,ou=edu
tls_write: want=254, written=254
0000: 16 03 00 00 f9 01 00 00 f5 03 03 59 0b 4b ba a7 ...........Y.K..
0010: ff e3 e0 bf 5b c0 21 2b b4 1f 18 c2 5d 49 52 c7 ....[.!+....]IR.
0020: 2f e4 8c ab d8 00 8d ed 60 1f 8e 00 00 84 c0 2b /.......`......+
0030: c0 2c c0 86 c0 87 c0 09 c0 23 c0 0a c0 24 c0 72 .,.......#...$.r
0040: c0 73 c0 08 c0 07 c0 2f c0 30 c0 8a c0 8b c0 13 .s...../.0......
......
00d0: 00 15 00 17 00 18 00 19 00 0b 00 02 01 00 00 0d ................
00e0: 00 1c 00 1a 04 01 04 02 04 03 05 01 05 03 06 01 ................
00f0: 06 03 03 01 03 02 03 03 02 01 02 02 02 03 ..............
tls_read: want=5, got=5
0000: 16 03 03 40 00 ... at .
**********************
********************** tls_read: want=16384, got=14475
**********************
0000: 02 00 00 53 03 03 a0 ee 74 d9 af 45 b8 db bc b2 ...S....t..E....
......
00b0: 06 03 55 04 07 13 09 41 6e 6e 20 41 72 62 6f 72 ..U....Ann Arbor
00c0: 31 12 30 10 06 03 55 04 0a 13 09 49 6e 74 65 72 1.0...U....Inter
00d0: 6e 65 74 32 31 11 30 0f 06 03 55 04 0b 13 08 49 net21.0...U....I
00e0: 6e 43 6f 6d 6d 6f 6e 31 1f 30 1d 06 03 55 04 03 nCommon1.0...U..
00f0: 13 16 49 6e 43 6f 6d 6d 6f 6e 20 52 53 41 20 53 ..InCommon RSA S
0100: 65 72 76 65 72 20 43 41 30 1e 17 0d 31 37 30 34 erver CA0...1704
0110: 31 31 30 30 30 30 30 30 5a 17 0d 32 30 30 34 31 11000000Z..20041
0120: 30 32 33 35 39 35 39 5a 30 81 a1 31 0b 30 09 06 0235959Z0..1.0..
0130: 03 55 04 06 13 02 55 53 31 0e 30 0c 06 03 55 04 .U....US1.0...U.
......
-- System Information:
Debian Release: 8.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages ldap-utils depends on:
ii libc6 2.19-18+deb8u7
ii libgnutls-deb0-28 3.3.8-6+deb8u4
ii libldap-2.4-2 2.4.40+dfsg-1+deb8u2
ii libsasl2-2 2.1.26.dfsg1-13+deb8u1
Versions of packages ldap-utils recommends:
ii libsasl2-modules 2.1.26.dfsg1-13+deb8u1
Versions of packages ldap-utils suggests:
ii libsasl2-modules-gssapi-mit 2.1.26.dfsg1-13+deb8u1
-- no debconf information
More information about the Pkg-openldap-devel
mailing list