Re: [Exim] Is anybody using LDAPS?

Author: Joachim Wieland
Date:  
To: Philip Hazel
CC: exim-users
Subject: Re: [Exim] Is anybody using LDAPS?
Hi,

On Thu, Aug 08, 2002 at 03:05:27PM +0100, Philip Hazel wrote:
> Is anybody using LDAP with ldaps:// queries (LDAP over SSL)?


I use it for libnss and PAM but not for exim...

> By turning on debugging, I can see that there is a connection
> to the slapd daemon (on port 636), and some exchanges of SSL protocol
> blocks, but then it just closes down the connection. This is on a
> Solaris 8 system.


This is often a problem with incorrect certificates but with the
debugging turned on you should see it. Make sure everything is fine by
typing:

    openssl s_client -connect localhost:636


and pay attention to the last line "Verification code ..." or something
like that. 18 (self-signed certificate) and 0 are okay I think (others
might be okay, too...). Most of the time these messages are quite
understandable and give a hint as to what is wrong...

Does the connection break or is it shut down? (You can see from the
log file of slapd if the server is asked to close the connection or if
it just breaks).

Make sure you have set the correct CN=... name in your certificate. At
least for libnss this was a reason to close the connection if the name
of the server and the CN of the certificate didn't match.

As a source of documentation I could recommend http://www.bayour.com


Joachim

--
*****PGP key available - send e-mail request***** - ICQ: 37225940
Due to circumstances beyond your control, you are master of your fate
and captain of your soul.
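
The two checks suggested in the message above (the verify code that `openssl s_client` reports, and the certificate CN against the server name), as an added example that is not part of the original message. The function names and the sample output are constructed for illustration, and the script assumes that only return code 0 counts as a pass.

```shell
#!/bin/sh
# Added example: summarise `openssl s_client` output for an LDAPS listener.
# Live use: openssl s_client -connect localhost:636 </dev/null 2>/dev/null | check_ldaps localhost

# Numeric "Verify return code" from s_client output on stdin.
verify_code() {
    sed -n 's|^ *Verify return code: \([0-9][0-9]*\).*|\1|p' | tail -n 1
}

# Subject CN; handles "subject=/C=DE/CN=host" and "subject=C = DE, CN = host".
subject_cn() {
    sed -n 's|^ *subject=.*CN *= *\([^,/]*\).*|\1|p' | head -n 1
}

# check_ldaps EXPECTED_NAME: returns 0 only if the code is 0 and the CN matches
# (assumption of this example: any other code is reported, not accepted).
check_ldaps() {
    expected=$1
    out=$(cat)
    code=$(printf '%s\n' "$out" | verify_code)
    cn=$(printf '%s\n' "$out" | subject_cn)
    status=0
    case $code in
        0)  echo "verify: 0 (ok)" ;;
        18) echo "verify: 18 (self-signed, not anchored in a trusted CA)"; status=2 ;;
        '') echo "verify: no return code (handshake did not complete?)"; status=2 ;;
        *)  echo "verify: $code (read the text after the code)"; status=2 ;;
    esac
    if [ "$cn" = "$expected" ]; then
        echo "name: CN '$cn' matches"
    else
        echo "name: CN '$cn' does not match '$expected'"; status=1
    fi
    return $status
}

# Constructed sample (not captured from a real server), old-style subject line.
sample_selfsigned() {
    cat <<'EOF'
CONNECTED(00000003)
subject=/C=DE/O=Example/CN=ldap.example.org
issuer=/C=DE/O=Example/CN=ldap.example.org
    Verify return code: 18 (self signed certificate)
EOF
}
```

The return status is 1 for a name mismatch, 2 for a non-zero or missing verify code, and 0 otherwise.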