Solaris 10 ldapclient problems

Hi all,
I currently have an Ubuntu 9.10 server running OpenLDAP protected with self signed certs. I am trying to set up my Solaris 10u8
system as a client. I have followed the numerous online tutorials and websites, and originally had things working with Ubuntu 8.04 LTS.
However, I currently get a failure when I try to run ldapclient init. The error on the client side is:
LDAP ERROR (81): Error occurred during receiving results. Connection to server lost.
And, on the server side in debug mode I see:
conn=5 fd=16 ACCEPT from IP=XXX.XXX.XXX.XXX:33938 (IP=0.0.0.0:636)
TLS: can't accept: A record packet with illegal version was received..
conn=5 fd=16 closed (TLS negotiation failure)
Oddly, if I perform an ldapsearch from the client like so:
ldapsearch -vvv -h myldapserver.ucsd.edu -p 636 -ZZ -P /var/ldap/cert8.db -b "dc=ucsd,dc=edu" "objectclass=DUAConfigProfile"
I get the correct results from my OpenLDAP server, and the server shows the following in debug mode:
conn=6 fd=16 ACCEPT from IP=XXX.XXX.XXX.XXX:33939 (IP=0.0.0.0:636)
conn=6 fd=16 TLS established tls_ssf=128 ssf=128
conn=6 op=0 SRCH base="dc=ucsd,dc=edu" scope=2 deref=0 filter="(objectClass=DUAConfigProfile)"
conn=6 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=6 op=1 UNBIND
conn=6 fd=16 closed
I am at a loss as to why the ldapsearch works correctly, and the server accepts the TLS connection, but the
ldapclient command fails because the TLS connection fails.
Thanks,
Ian
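The two slapd debug excerpts above show the difference in one place: conn=5 closes with "TLS negotiation failure" after a GnuTLS error line that carries no conn= tag, while conn=6 logs "TLS established". The following is an added example (not from the poster or from OpenLDAP) that parses slapd log lines in exactly that format and lists the connections that closed before TLS was established, attributing each untagged TLS error to the newest still-negotiating connection; the sample log is constructed from the lines quoted in the post.

```python
import re

# Constructed sample input: the two slapd debug-log excerpts quoted in the post,
# one connection that fails TLS negotiation and one that completes it.
SAMPLE_LOG = """\
conn=5 fd=16 ACCEPT from IP=XXX.XXX.XXX.XXX:33938 (IP=0.0.0.0:636)
TLS: can't accept: A record packet with illegal version was received..
conn=5 fd=16 closed (TLS negotiation failure)
conn=6 fd=16 ACCEPT from IP=XXX.XXX.XXX.XXX:33939 (IP=0.0.0.0:636)
conn=6 fd=16 TLS established tls_ssf=128 ssf=128
conn=6 op=0 SRCH base="dc=ucsd,dc=edu" scope=2 deref=0 filter="(objectClass=DUAConfigProfile)"
conn=6 fd=16 closed
"""

ACCEPT_RE = re.compile(r"^conn=(\d+) fd=\d+ ACCEPT from IP=(\S+?):(\d+) ")
TLS_OK_RE = re.compile(r"^conn=(\d+) fd=\d+ TLS established tls_ssf=\d+ ssf=(\d+)")
CLOSED_RE = re.compile(r"^conn=(\d+) fd=\d+ closed(?: \((.*)\))?$")
TLS_ERR_RE = re.compile(r"^TLS: (.*?)\.*$")  # strips the trailing dots slapd prints


def summarize_connections(log_text):
    """Group slapd log lines by conn=N and record how TLS fared on each one."""
    conns, pending = {}, None  # pending: newest connection still negotiating TLS
    for line in log_text.splitlines():
        if (m := ACCEPT_RE.match(line)):
            cid = int(m.group(1))
            conns[cid] = {"peer": f"{m.group(2)}:{m.group(3)}", "tls_ssf": None,
                          "tls_error": None, "close_reason": None}
            pending = cid
        elif (m := TLS_ERR_RE.match(line)) and pending is not None:
            # GnuTLS errors carry no conn= tag; attribute them to the newest
            # connection that has not finished its handshake (a heuristic).
            conns[pending]["tls_error"] = m.group(1)
        elif (m := TLS_OK_RE.match(line)):
            cid = int(m.group(1))
            conns[cid]["tls_ssf"] = int(m.group(2))  # negotiated security strength
            pending = None if pending == cid else pending
        elif (m := CLOSED_RE.match(line)):
            cid = int(m.group(1))
            conns[cid]["close_reason"] = m.group(2)
            pending = None if pending == cid else pending
    return conns


def tls_failures(log_text):
    """(conn_id, peer, reason) for every connection closed before TLS was established."""
    return [(cid, c["peer"], c["tls_error"] or c["close_reason"])
            for cid, c in sorted(summarize_connections(log_text).items())
            if c["tls_ssf"] is None]
```

Run against a full slapd debug log, `tls_failures` separates clients whose handshake never completes (such as the ldapclient case here) from those that reach `TLS established`, and keeps the GnuTLS reason next to the peer address.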

Reply

Thanks for looking.
ldapclient -v init \
-a proxyDN=cn=admin,dc=ucsd,dc=edu \
-a proxyPassword="passwd" \
-a domainName=ucsd.edu \
-a profileName=tls_profile \
-a certificatePath=/var/ldap/cert8.db \
ldapslave.ucsd.edu:636
This is only a test client, so I am going to reinstall from scratch
and try again. I did have it working with an older Ubuntu version
using an older OpenLDAP server. The release I am playing with
now uses GnuTLS, but the fact that the ldapsearch command
works with TLS but ldapclient doesn't (which seems to be the
reverse of what others have had problems with) is odd.
I have also tried:
ldapclient -v manual \
-a credentialLevel=proxy \
-a proxyDN=cn=admin,dc=ucsd,dc=edu \
-a proxyPassword="password" \
-a defaultSearchBase=dc=ucsd,dc=edu \
-a defaultSearchScope=sub \
-a domainName=ucsd.edu \
-a serviceSearchDescriptor=passwd:dc=ucsd,dc=edu?sub \
-a serviceSearchDescriptor=shadow:dc=ucsd,dc=edu?sub \
-a serviceSearchDescriptor=group:dc=ucsd,dc=edu?sub \
-a serviceAuthenticationMethod=pam_ldap:tls:simple \
-a certificatePath=/var/ldap/cert8.db \
-a authenticationMethod=tls:simple \
-a defaultServerList="ldapslave.ucsd.edu ldapslave2.ucsd.edu"
but this doesn't work either.
Ian