Setting up a client for ssl

"Steven Jones" <Steven.Jones@xxxxxxxxx> · Fri, 14 Sep 2007 13:22:52 +1200

While testing a RHAS4 client the logs seems to indicate ssl is working
as I get startTLS in the access log.

When I do a ssh connection though I do not see startTLS in the access
log, so is this actually working correctly?

ldapsearch -x -ZZ '(uid=jonesst1)'

Output on the client will typically be,

================
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=jonesst1)
# requesting: ALL
#

# jonesst1, People, vuw.ac.nz
dn: uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz
givenName: Steven
sn: Jones
loginShell: /bin/bash
uidNumber: 500
gidNumber: 500
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: posixAccount
uid: jonesst1
cn: Steven Jones
homeDirectory: /home/jonesst1

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1

==========

Cannot see startTLS in this part though when ssh'ing in,

==========

[14/Sep/2007:13:10:26 +1200] conn=44 fd=67 slot=67 connection from
130.195.87.250 to 130.195.87.249
[14/Sep/2007:13:10:26 +1200] conn=44 op=0 BIND dn="" method=128
version=3
[14/Sep/2007:13:10:26 +1200] conn=44 op=0 RESULT err=0 tag=97 nentries=0
etime=0 dn=""
[14/Sep/2007:13:10:26 +1200] conn=44 op=1 SRCH base="dc=vuw,dc=ac,dc=nz"
scope=2 filter="(uid=jonesst1)" attrs=ALL
[14/Sep/2007:13:10:26 +1200] conn=44 op=1 RESULT err=0 tag=101
nentries=1 etime=0
[14/Sep/2007:13:10:26 +1200] conn=44 op=2 BIND dn="" method=128
version=3
[14/Sep/2007:13:10:26 +1200] conn=44 op=2 RESULT err=0 tag=97 nentries=0
etime=0 dn=""
[14/Sep/2007:13:10:26 +1200] conn=44 op=3 BIND
dn="uid=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz" method=128 version=3
[14/Sep/2007:13:10:26 +1200] conn=44 op=3 RESULT err=0 tag=97 nentries=0
etime=0 dn="uid=jonesst1,ou=people,dc=vuw,dc=ac,dc=nz"
[14/Sep/2007:13:10:26 +1200] conn=44 op=4 BIND dn="" method=128
version=3
[14/Sep/2007:13:10:26 +1200] conn=44 op=4 RESULT err=0 tag=97 nentries=0
etime=0 dn=""
[14/Sep/2007:13:10:26 +1200] conn=45 fd=68 slot=68 connection from
130.195.87.250 to 130.195.87.249
[14/Sep/2007:13:10:26 +1200] conn=45 op=0 BIND dn="" method=128
version=3
[14/Sep/2007:13:10:26 +1200] conn=45 op=0 RESULT err=0 tag=97 nentries=0
etime=0 dn=""
[14/Sep/2007:13:10:26 +1200] conn=45 op=1 SRCH base="dc=vuw,dc=ac,dc=nz"
scope=2 filter="(&(objectClass=posixAccount)(uid=jonesst1))" attrs=ALL
[14/Sep/2007:13:10:26 +1200] conn=45 op=1 RESULT err=0 tag=101
nentries=1 etime=0
[14/Sep/2007:13:10:26 +1200] conn=45 op=2 SRCH base="dc=vuw,dc=ac,dc=nz"
scope=2
filter="(&(objectClass=posixGroup)(|(memberUid=jonesst1)(uniqueMember=ui
d=jonesst1,ou=People,dc=vuw,dc=ac,dc=nz)))" attrs="gidNumber"
[14/Sep/2007:13:10:26 +1200] conn=45 op=2 RESULT err=0 tag=101
nentries=0 etime=0
[14/Sep/2007:13:10:26 +1200] conn=44 op=5 UNBIND
[14/Sep/2007:13:10:26 +1200] conn=44 op=5 fd=67 closed - U1

==========

regards

Steven Jones
Senior  Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users