Emmanuel BILLOT a écrit :
Many tests give the followibng result
[root@ldapnew slapd-ldapnew]# /usr/lib/mozldap/ldapsearch -h
porlsvrdc0003.ird.fr -p 636 -D "cn=toutou,cn=Users,dc=ird,dc=fr" -w -
-Z -P /etc/dirsrv/slapd-ldapnew/cert8.db -s base -b "" "objectclass=*"
Enter bind password:
ldap_simple_bind: Can't contact LDAP server
SSL error -8183 (security library: improperly formatted
DER-encoded message.)
However, cert seems to be ok:
- ldaps:636 works on ldap.exe client (Windows)
- ldaps:636 works on ldapsearch -x -H ldaps://porlsvrdc0003.ird.fr -D
"cn=toutou,cn=Users,dc=ird,dc=fr" -W -b "dc=ird,dc=fr" with the
"classic" ldapsearch client
How can i debug it ?
BR,
Ok i found what was wrong : the request.inf from which the req cert is
generated contained an unknow item value
[Extensions]
2.5.29.17=xxxxxxxx
The inf file without the extensions section generate a good req file and
then a valid cert.
BR,
--
==========================================
Emmanuel BILLOT
IRD - Orléans
Délégation aux Systèmes d'Information (DSI)
tél : 02 38 49 95 88
==========================================
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
