OpenLDAP with StartTLS broken on Debian Lenny
- by mr.zog
I'm trying to get OpenLDAP on Lenny to work with StartTLS. I have a Fedora 13 machine which I'm using as a client for testing. So far the Fedora client is ignoring the 'host' directive in /etc/ldap.conf when I try to connect using ldapsearch. The client wants to connect to 127.0.0.1:389 even if I specify -H ldaps://server.name on when using ldapsearch. /etc/ldap.conf on the client machine is in mode 444.
But even when I try connecting locally from an ssh session, I see errors like this:
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
Someone hit me with a cluebat, plz.
Update: you must use ~/.ldaprc for settings such as 'host'.
Also, I just used nmap against the ldap server and it showed 636 and 389 in an open state.
Here's what prints to screen when I try to connect with, ldapsearch -ZZ –x '(objectclass=*)'+ -d -1
ldap_create
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.10.41:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.10.41:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0x9bdbdb8 ptr=0x9bdbdb8 end=0x9bdbdd7 len=31
0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ber_scanf fmt ({) ber:
ber_dump: buf=0x9bdbdb8 ptr=0x9bdbdbd end=0x9bdbdd7 len=26
0000: 77 18 80 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e w...1.3.6.1.4.1.
0010: 31 34 36 36 2e 32 30 30 33 37 1466.20037
ber_flush2: 31 bytes to sd 3
0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ldap_write: want=31, written=31
0000: 30 1d 02 01 01 77 18 80 16 31 2e 33 2e 36 2e 31 0....w...1.3.6.1
0010: 2e 34 2e 31 2e 31 34 36 36 2e 32 30 30 33 37 .4.1.1466.20037
ldap_result ld 0x9bd3050 msgid 1
wait4msg ld 0x9bd3050 msgid 1 (infinite timeout)
wait4msg continue ld 0x9bd3050 msgid 1 all 1
** ld 0x9bd3050 Connections:
* host: 192.168.10.41 port: 636 (default)
refcnt: 2 status: Connected
last used: Sun Jun 6 12:54:05 2010
** ld 0x9bd3050 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x9bd3050 request count 1 (abandoned 0)
** ld 0x9bd3050 Response Queue:
Empty
ld 0x9bd3050 response count 0
ldap_chkResponseList ld 0x9bd3050 msgid 1 all 1
ldap_chkResponseList returns ld 0x9bd3050 NULL
ldap_int_select
read1msg: ld 0x9bd3050 msgid 1 all 1
ber_get_next
ldap_read: want=8, got=0
ber_get_next failed.
ldap_err2string
ldap_start_tls: Can't contact LDAP server (-1)