Hello, I have a Debian openldap server (linked against gnutls). I have self-signed a certificate which I can then use with Debian clients to auth against ldap (for services like ssh) with no issues... [by maketo]
# LDAPTLS_CACERTDIR=/etc/ssl/certs/ ldapwhoami -x -ZZ -H ldaps://ldap.domain.tld
ldap_start_tls: Can't contact LDAP server (-1)
additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.
# openssl s_client -connect ldap.domain.tld:636 -CApath /etc/ssl/certs
<...
It would make it a lot easier on potential helpers to strip out all the excess comments and post only the active lines. This can be done by " grep -v \# /etc/ldap.conf | tr -s '\n' &... [by pschaff]
Everything was fine until I upgraded the gnutls package (and the Wine package at the same time) today.
I am having trouble getting an "out of the box" openldap server working.
The examples on the openldap site still refer to the slapd.conf file, but the install does not make that.
If I start the server (service slapd start) I do not get any errors, but cannot connect:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
Anyone have a simple howto for v2.4?
I've been migrating some servers and desktops using Ubuntu 10.04 from getting the users from an old OpenLDAP implementation to a newer CentOS Active Directory. I haven't had any problems so far, until I reached a Debian Lenny server.
I've set up the server as the others, setting /etc/ldap.conf and /etc/ldap/ldap.conf.
Hi, I would like to install an OpenLDAP server on IPv6.
It worked perfectly on an IPv4 network,
but when I changed the host address in ldap.conf to an IPv6 address on the server and client hosts,
the client can't find LDAP users:
root@server:/etc/phpldapadmin# su dell -l
Unknown id: dell
The two machines can ping each other.
Who can help me set up OpenLDAP on IPv6?
I'm trying to configure an LDAP server with some basic security parameters, including TLS and required authenticated binding.
I have started the server, and can access it from localhost with the command:
ldapsearch -x -b 'dc=server,dc=com' 'objectclass=*' -W -D 'cn=manager,dc=server,dc=com' -H ldaps://server.com:389
When I try the same command remotely, from my computer, I get the following err
Basically the problem is this: I am setting up an openLDAP server on CentOS 6.3 and an openLDAP client on Ubuntu 11.04. The problem is, I don't know how to set up a name service for the openLDAP server. Most of the guides I've found make use of a URL which requires a naming service. Is there a way to make use of IP addresses in the URIs for the ldap.conf files on both the client and the server?