[Bug 217159] Re: slapd + gnutls fails
Adrian Bridgett
adrian at smop.co.uk
Wed Apr 22 20:18:16 BST 2009

sure:

/etc/ldap/ldap.conf:
BASE dc=opsera,dc=com
URI ldap://foo.opsera.com
TLS_CACERT /etc/ssl/certs/ca.opsera.com.crt
TLS_REQCERT demand

TLS_CACERT file:
gnutls-cli output:
Connecting to '127.0.1.1:636'...
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.

package versions:
gnutls-bin 2.4.2-6+lenny1 gnutls26 install ok installed
ldap-utils 2.4.11-1 openldap install ok installed
libgnutls26 2.4.2-6+lenny1 gnutls26 install ok installed
libldap-2.4-2 2.4.11-1 openldap install ok installed
libnss-ldap 261-2.1 install ok installed
libpam-ldap 184-4.2 install ok installed
slapd 2.4.11-1 openldap install ok installed
sudo-ldap 1.6.9p17-2.1 sudo install ok installed

ldapsearch:
ldap_url_parse_ext(ldaps://foo.opsera.com/)
ldap_create
ldap_url_parse_ext(ldaps://foo.opsera.com:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP foo.opsera.com:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.1.1:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
tls_write: want=93, written=93
0000: 16 03 02 00 58 01 00 00 54 03 02 49 ef 6d 28 ac ....X...T..I.m(.
0010: b6 ff 62 fd 12 78 93 a8 58 cb f7 39 a6 b7 61 59 ..b..x..X..9..aY
0020: 1e 8f f4 5a 5d 4c a6 83 b5 73 d0 00 00 24 00 33 ...Z]L...s...$.3
0030: 00 45 00 39 00 88 00 16 00 32 00 44 00 38 00 87 .E.9.....2.D.8..
0040: 00 13 00 66 00 2f 00 41 00 35 00 84 00 0a 00 05 ...f./.A.5......
0050: 00 04 01 00 00 07 00 09 00 03 02 00 01 .............
tls_read: want=5, got=0
TLS: can't connect: A TLS packet with unexpected length was received..
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
--
slapd + gnutls fails
https://bugs.launchpad.net/bugs/217159
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.