Hi all!

I have a problem with ldap and ssl: I set up the fedora directory server with ssl following this link:

http://directory.fedoraproject.org/wiki/Howto:SSL

The problem is client authentication: I mean when I do an ldapsearch I get "SSL connection already established" but I don't have any other connection between client and server (checked with netstat).

What do you suggest?

Thanks
Marco

logs from the FDS server are:

[07/Sep/2007:10:04:09 +0200] conn=10 fd=68 slot=68 SSL connection from <ip_src> to <ip_dst>
[07/Sep/2007:10:04:09 +0200] conn=10 SSL 256-bit AES
[07/Sep/2007:10:04:09 +0200] conn=10 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/Sep/2007:10:04:09 +0200] conn=10 op=0 RESULT err=1 tag=120 nentries=0 etime=0
[07/Sep/2007:10:04:09 +0200] conn=10 op=-1 fd=68 closed - B1

from client:

ldap_create
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldaps_vm02_admin:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying <ip_server>:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0, subject: /C=IT/O=<......>
TLS certificate verification: depth: 0, err: 0, subject: /C=IT/O=<......>
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush: 31 bytes to sd 3
ldap_result ld 0x80bc048 msgid 1
ldap_chkResponseList ld 0x80bc048 msgid 1 all 1
ldap_chkResponseList returns ld 0x80bc048 NULL
wait4msg ld 0x80bc048 msgid 1 (infinite timeout)
wait4msg continue ld 0x80bc048 msgid 1 all 1
** ld 0x80bc048 Connections:
* host: ldaps_vm02_admin port: 636 (default)
  refcnt: 2 status: Connected
  last used: Fri Sep 7 10:05:20 2007
** ld 0x80bc048 Outstanding Requests:
* msgid 1, origid 1, status InProgress
  outstanding referrals 0, parent count 0
** ld 0x80bc048 Response Queue:
  Empty
ldap_chkResponseList ld 0x80bc048 msgid 1 all 1
ldap_chkResponseList returns ld 0x80bc048 NULL
ldap_int_select
read1msg: ld 0x80bc048 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 71 contents:
read1msg: ld 0x80bc048 msgid 1 message type extended-result
ber_scanf fmt ({eaa) ber:
read1msg: ld 0x80bc048 0 new referrals
read1msg: mark request completed, ld 0x80bc048 msgid 1
request done: ld 0x80bc048 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_extended_result
ber_scanf fmt ({eaa) ber:
ber_scanf fmt (a) ber:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_perror
ldap_start_tls: Operations error (1)
additional info: SSL connection already established
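
An added example, not part of the original post: a Python check over access-log lines in the format quoted above that flags connections accepted as SSL which then received a failing StartTLS extended operation (OID 1.3.6.1.4.1.1466.20037), the sequence conn=10 shows. The conn=11 lines, the function name and the sample string are constructed for illustration.

```python
import re

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"

# Constructed sample: conn=10 copies the lines from the post; conn=11 is a
# made-up control where StartTLS is sent on a non-SSL connection and succeeds.
SAMPLE_LOG = """\
[07/Sep/2007:10:04:09 +0200] conn=10 fd=68 slot=68 SSL connection from <ip_src> to <ip_dst>
[07/Sep/2007:10:04:09 +0200] conn=10 SSL 256-bit AES
[07/Sep/2007:10:04:09 +0200] conn=10 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/Sep/2007:10:04:09 +0200] conn=10 op=0 RESULT err=1 tag=120 nentries=0 etime=0
[07/Sep/2007:10:04:09 +0200] conn=10 op=-1 fd=68 closed - B1
[07/Sep/2007:10:05:00 +0200] conn=11 fd=69 slot=69 connection from <ip_src> to <ip_dst>
[07/Sep/2007:10:05:00 +0200] conn=11 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/Sep/2007:10:05:00 +0200] conn=11 op=0 RESULT err=0 tag=120 nentries=0 etime=0
"""

# [timestamp] conn=N [op=M] rest-of-line
LINE = re.compile(r"^\[[^\]]+\] conn=(\d+) (?:op=(-?\d+) )?(.*)$")
ERR = re.compile(r"\berr=(\d+)")


def find_redundant_starttls(log_text):
    """Return conn ids where StartTLS failed on a connection already using SSL."""
    ssl_conns = set()      # connections accepted on the SSL listener
    starttls_ops = set()   # (conn, op) pairs that requested StartTLS
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not access-log records
        conn, op, rest = int(m.group(1)), m.group(2), m.group(3)
        if "SSL connection from" in rest:
            ssl_conns.add(conn)
        elif rest.startswith("EXT") and f'oid="{STARTTLS_OID}"' in rest:
            starttls_ops.add((conn, op))
        elif rest.startswith("RESULT") and (conn, op) in starttls_ops:
            err = ERR.search(rest)
            # A non-zero result for StartTLS on an SSL connection is the
            # pattern behind "SSL connection already established".
            if err and int(err.group(1)) != 0 and conn in ssl_conns:
                hits.append(conn)
    return hits


if __name__ == "__main__":
    for conn in find_redundant_starttls(SAMPLE_LOG):
        print(f"conn={conn}: StartTLS requested on a connection that was already SSL")
```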