Error at work of the utility ldapsearch.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks Richard!

In my opinion it the certificate of the CA. Certificates you can see details
of reception of it on a screenshot (see the attached file)

Safonov Alexey

-----Original Message-----
From: fedora-directory-users-bounces at redhat.com
[mailto:fedora-directory-users-bounces at redhat.com]On Behalf Of Richard
Megginson
Sent: Friday, July 28, 2006 5:45 PM
To: General discussion list for the Fedora Directory server project.
Subject: Re: Error at work of the utility
ldapsearch.


Safonov Alexey wrote:
> Thanks Richard!
>
> Now I start so:
> [root at asterisk1 bin]# ./ldapsearch -Z -P
> /opt/fedora-ds/alias/slapd-asterisk1-cert8.db -K
> /opt/fedora-ds/alias/slapd-asterisk1-key3.db  -h
> rv-vm1.mup-example.vrn.ru  -p 636 -D
> "cn=Administrator,cn=users,dc=mup-examle,dc=vrn,dc=ru" -w secret01 -s
> base -b "dc=mup-example,dc=vrn,dc=ru" "objectclass=*" -v
>
> Also I receive a error:
>
> ldapsearch: started Fri Jul 28 16:21:39 2006
>
> ldap_init( srv-vm1.mup-example.vrn.ru, 636 )
> ldaptool_getcertpath -- /opt/fedora-ds/alias/slapd-asterisk1-cert8.db
> ldaptool_getkeypath -- /opt/fedora-ds/alias/slapd-asterisk1-key3.db
> ldaptool_getmodpath -- (null)
> ldaptool_getdonglefilename -- (null)
> ldap_simple_bind: Can't contact LDAP server
>         SSL error -8156 (Issuer certificate is invalid.)
>
> Though the certificate ad-cert (from Windows DC) is established. The
utility
> certutil and Fedora Management Console (Manage Certificates) shows it.
> [root at asterisk1 alias]# /opt/fedora-ds/shared/bin/certutil -L -d . -P
> slapd-asterisk1-
> CA certificate                 CTu,u,u
> server-cert                    u,u,u
> Server-Cert                    u,u,u
> ad-cert                        CT,C,C
>
> Help my!
>
Is ad-cert the certificate of the AD server or the certificate of the CA
that issued the AD cert?  An SSL client only needs to trust the CA cert
of the issuer of the server certs it wants to use.
> Safonov Alexey
>
> -----Original Message-----
> From: fedora-directory-users-bounces at redhat.com
> [mailto:fedora-directory-users-bounces at redhat.com]On Behalf Of Richard
> Megginson
> Sent: Thursday, July 27, 2006 7:36 PM
> To: General discussion list for the Fedora Directory server project.
> Subject: Re: Error at work of the utility
> ldapsearch.
>
>
> Safonov Alexey wrote:
>
>> Hi !
>>
>> I ask to help to solve a problem with the utility ldapsearch.
>>
>> is a problem to carry out synchronization between FDS and AD. Has made
the
>> following:
>> 1) Install FDS
>> 2) Configuring SSL Enabled FDS. For this purpose has started script
>> setupssl.sh (http://directory.fedora.redhat.com/download/setupssl.sh)
from
>> HOWTO "Howto:SSL" (http://directory.fedora.redhat.com/wiki/Howto:SSL)
>> 3) Restart FDS.
>>    netstat -atupn | grep ns-
>> tcp  0      0 :::389         :::*       LISTEN      6039/ns-slapd
>> tcp  0      0 :::636         :::*       LISTEN      6039/ns-slapd
>> 4) Enable SSL on AD.
>> Install Certificate Service
>> Check util ldp.exe:
>> Connected param: Server- srv-vm1.mup-example.vrn.ru
>>                  Port  - 636
>>                  Checkbox "SSL"
>> ld = ldap_sslinit("srv-vm1.mup-example.vrn.ru", 636, 1);
>> Error <0x0> = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION,
>> LDAP_VERSION3);
>> Error <0x0> = ldap_connect(hLdap, NULL);
>> Error <0x0> = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv);
>> Host supports SSL, SSL cipher strength = 128 bits
>> Established connection to srv-vm1.mup-example.vrn.ru.
>> Retrieving base DSA information...
>> .....
>> 5) Import AD CA certificate in DER mode.
>> 6) Copy, convert (PEM) and install AD CA certificate in FDS. Check:
>> [root at asterisk1 alias]# /opt/fedora-ds/shared/bin/certutil -L -d . -P
>> slapd-asterisk1-
>> CA certificate                         CTu,u,u
>> server-cert                            u,u,u
>> Server-Cert                            u,u,u
>> ad-cert                                CT,C,C <- install this
>>
>> 6) [root at asterisk1 alias]# ldapsearch -Z -P
>> /opt/fedora-ds/alias/slapd-asterisk1-cert8.db -h
>> rv-vm1.mup-example.vrn.ru  -p 636 -D
>> "cn=Administrator,cn=users,dc=mup-examle,dc=vrn,dc=ru" -w secret01 -s
>> base -b "dc=mup-example,dc=vrn,dc=ru" "objectclass=*"
>>
>>
> That's /usr/bin/ldapsearch, which is openldap ldapsearch, which uses
> openssl for crypto, which is completely different than NSS.  You need to
> use the ldapsearch in /opt/fedora-ds/shared/bin e.g.
> cd /opt/fedora-ds/shared/bin ; ./ldapsearch ....
>
>> Error:
>> ldapsearch: unabel to parse protocol version
>> "/opt/fedora-ds/alias/slapd-asterisk1-cert8.db"
>>
>> Help my!
>> Thanks
>>
>> ------------------------------------------------------
>> My Setup:
>>
>> Fedora Core 5 (i386)
>> Fedora Directory Server 1.0.2
>> Windows 2003 Server (DC - srv-vm1.mup-example.vrn.ru)
>> ------------------------------------------------------
> use the ldapsearch in /opt/fedora-ds/shared/bin e.g.
> cd /opt/fedora-ds/shared/bin ; ./ldapsearch ....
>
>> Error:
>> ldapsearch: unabel to parse protocol version
>> "/opt/fedora-ds/alias/slapd-asterisk1-cert8.db"
>>
>> Help my!
>> Thanks
>>
>> ------------------------------------------------------
>> My Setup:
>>
>> Fedora Core 5 (i386)
>> Fedora Directory Server 1.0.2
>> Windows 2003 Server (DC - srv-vm1.mup-example.vrn.ru)
>> ------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: sert2.jpg
Type: image/jpeg
Size: 37399 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060728/2cc45309/attachment.jpg 


[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux