TLS for dummies

On Fri, 2005-12-09 at 12:31 -0700, Richard Megginson wrote:
> Craig White wrote:
> 
> >Just basic stuff...I promise I have been through the wiki and the
> >Administrator's guide (managing SSL and SASL) several times.
> >
> >Using openssl generated CA certificate and used that to sign CSR's from
> >console application and loaded them all into console application. Have
> >restarted FDS and it seems to be happy - but just to confirm...
> >
> >lifted from /opt/fedora-ds/slapd-srv1/logs/errors
> >[09/Dec/2005:08:33:47 -0700] - Fedora-Directory/1.0.1 B2005.342.165
> >starting up
> >[09/Dec/2005:08:33:47 -0700] - No symmetric key found for cipher AES in
> >backend userRoot, attempting to create one...
> >[09/Dec/2005:08:33:47 -0700] - Key for cipher AES successfully generated
> >and stored
> >[09/Dec/2005:08:33:47 -0700] - No symmetric key found for cipher 3DES in
> >backend userRoot, attempting to create one...
> >[09/Dec/2005:08:33:47 -0700] - Key for cipher 3DES successfully
> >generated and stored
> >[09/Dec/2005:08:33:47 -0700] - No symmetric key found for cipher AES in
> >backend NetscapeRoot, attempting to create one...
> >[09/Dec/2005:08:33:48 -0700] - Key for cipher AES successfully generated
> >and stored
> >[09/Dec/2005:08:33:48 -0700] - No symmetric key found for cipher 3DES in
> >backend NetscapeRoot, attempting to create one...
> >[09/Dec/2005:08:33:48 -0700] - Key for cipher 3DES successfully
> >generated and stored
> >[09/Dec/2005:08:33:48 -0700] - slapd started.  Listening on All
> >Interfaces port 389 for LDAP requests
> >[09/Dec/2005:08:33:48 -0700] - Listening on All Interfaces port 636 for
> >LDAPS requests
> >
> >MY PROBLEM
> ># ldapsearch -ZZ '(uid=jim)'
> >ldap_start_tls: Connect error (-11)
> >        additional info: Start TLS request accepted.Server willing to
> >negotiate SSL.
> >  
> >
> Looks like openldap and FDS are not responding to the startTLS operation
> the same way. Try
> ldapsearch -v ...
> or
> ldapsearch -d 1 ...
> 
----
OK - instructions don't entirely cover the issue when you use openldap
client version of ldapsearch

ldapsearch -x -ZZ '(uid=jim)' # no problem

the -x was still required for ssl (ldaps://server:636 and
ldap://server:389) when not using SASL

thanks

and thanks David - it helped clarify things

Craig
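As an added example (not part of the thread, and not 389/Fedora DS project code), the shell script below wraps the diagnosis the thread walks through: check whether the server accepts StartTLS at all, whether the TLS handshake then completes against the openssl-generated CA, and run ldapsearch with `-x` (simple authentication, instead of the OpenLDAP client's default SASL negotiation) and `-ZZ` (StartTLS mandatory) under `-d 1`. The host name, base DN and CA file path are assumptions set through environment variables; `openssl s_client -starttls ldap` needs OpenSSL 1.1.1 or later. The classifier at the top works offline on the error text quoted in the thread, so the failure mode can be named before touching the server configuration.

```shell
#!/bin/sh
# Added example: diagnose "ldapsearch -ZZ" StartTLS failures against an LDAP server.
# Assumed values (override from the environment):
LDAP_HOST="${LDAP_HOST:-srv1.example.com}"        # assumed server hostname
LDAP_BASE="${LDAP_BASE:-dc=example,dc=com}"       # assumed search base
CA_FILE="${CA_FILE:-/etc/openldap/cacerts/ca.pem}" # assumed path to the CA cert that signed the server cert

# classify_starttls TEXT
# Takes the stderr of an "ldapsearch -ZZ" run and prints one word:
#   handshake - server agreed to StartTLS, but the TLS handshake failed
#               (the symptom in the thread); usually the client cannot verify
#               the server certificate (TLS_CACERT not pointing at the CA) or
#               no common cipher/protocol was found.
#   refused   - server rejected the StartTLS extended operation itself.
#   unknown   - some other ldap_start_tls error.
#   ok        - no StartTLS error text at all.
classify_starttls() {
    case "$1" in
        *"Connect error"*"Start TLS request accepted"*|*"Start TLS request accepted"*"Connect error"*)
            echo handshake ;;
        *"Protocol error"*|*"Confidentiality required"*|*"Operations error"*|*"Unavailable"*)
            echo refused ;;
        *"ldap_start_tls"*)
            echo unknown ;;
        *)
            echo ok ;;
    esac
}

# starttls_probe
# 1. Drive StartTLS directly with openssl so the certificate chain and the
#    "Verify return code" line are visible, independent of the LDAP client.
# 2. Repeat through ldapsearch with simple auth (-x) and mandatory StartTLS
#    (-ZZ); -d 1 prints the TLS negotiation to stderr, which is then classified.
starttls_probe() {
    echo "== openssl s_client StartTLS probe against $LDAP_HOST:389 =="
    openssl s_client -connect "$LDAP_HOST:389" -starttls ldap -CAfile "$CA_FILE" </dev/null \
        | grep -E 'Verify return code|subject=|issuer=|Protocol|Cipher'

    echo "== ldapsearch -x -ZZ -d 1 =="
    # Capture stderr (debug + error text), discard the search result itself.
    err=$(ldapsearch -x -ZZ -H "ldap://$LDAP_HOST" -b "$LDAP_BASE" -d 1 '(uid=jim)' 2>&1 >/dev/null) || true
    echo "classification: $(classify_starttls "$err")"
}

# Only talk to the network when explicitly asked, so the file can be sourced
# for the classifier alone.
[ "${1:-}" = "probe" ] && starttls_probe
```

Run it as `sh starttls_check.sh probe` on the LDAP client host; a `handshake` classification together with a non-zero "Verify return code" from openssl points at the client's trust store rather than at the server's StartTLS support, and the fix is on the client side (the CA certificate path in ldap.conf or the ldaprc used by ldapsearch).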