[Fedora-directory-users] client problems with ssl and tls
by Marco Strullato
Hi all!
I have a problem with ldap and ssl:
I set up the fedora directory server with ssl following this link:
http://directory.fedoraproject.org/wiki/Howto:SSL
The problem is client authentication: I mean when I do an ldapsearch I get
"SSL connection already established" but I don't have any other connection
between client and server (checked with netstat).
What do you suggest?
Thanks
Marco
logs from the FDS server are:
[07/Sep/2007:10:04:09 +0200] conn=10 fd=68 slot=68 SSL connection from <ip_src> to <ip_dst>
[07/Sep/2007:10:04:09 +0200] conn=10 SSL 256-bit AES
[07/Sep/2007:10:04:09 +0200] conn=10 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/Sep/2007:10:04:09 +0200] conn=10 op=0 RESULT err=1 tag=120 nentries=0 etime=0
[07/Sep/2007:10:04:09 +0200] conn=10 op=-1 fd=68 closed - B1
from client:
ldap_create
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldaps_vm02_admin:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying <ip_server>:636
ldap_connect_timeout: fd: 3 tm: -1 async: 0
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0, subject: /C=IT/O=<......>
TLS certificate verification: depth: 0, err: 0, subject: /C=IT/O=<......>
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush: 31 bytes to sd 3
ldap_result ld 0x80bc048 msgid 1
ldap_chkResponseList ld 0x80bc048 msgid 1 all 1
ldap_chkResponseList returns ld 0x80bc048 NULL
wait4msg ld 0x80bc048 msgid 1 (infinite timeout)
wait4msg continue ld 0x80bc048 msgid 1 all 1
** ld 0x80bc048 Connections:
* host: ldaps_vm02_admin port: 636 (default)
refcnt: 2 status: Connected
last used: Fri Sep 7 10:05:20 2007
** ld 0x80bc048 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
** ld 0x80bc048 Response Queue:
Empty
ldap_chkResponseList ld 0x80bc048 msgid 1 all 1
ldap_chkResponseList returns ld 0x80bc048 NULL
ldap_int_select
read1msg: ld 0x80bc048 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 71 contents:
read1msg: ld 0x80bc048 msgid 1 message type extended-result
ber_scanf fmt ({eaa) ber:
read1msg: ld 0x80bc048 0 new referrals
read1msg: mark request completed, ld 0x80bc048 msgid 1
request done: ld 0x80bc048 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 0 1
ldap_free_connection: refcnt 1
ldap_parse_extended_result
ber_scanf fmt ({eaa) ber:
ber_scanf fmt (a) ber:
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
ldap_perror
ldap_start_tls: Operations error (1)
additional info: SSL connection already established
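The two traces above describe the same event from both sides: the client connects to port 636, which is an ldaps connection that the server logs as "SSL connection from", and then also sends a StartTLS extended request (oid 1.3.6.1.4.1.1466.20037, what OpenLDAP's ldapsearch does with -Z/-ZZ), which the server refuses with err=1 because the session is already encrypted. StartTLS belongs on a plain port 389 connection, not on an ldaps one. As an added example that is not part of the thread, here is a small Python checker that scans FDS access-log lines for exactly that pattern; the log format is assumed to match the lines quoted in the post, and the sample input is constructed from them plus one well-formed StartTLS connection for contrast.

```python
import re

# Constructed sample of FDS access-log lines: conn=10 is copied from the post
# (ldaps connection followed by a rejected startTLS); conn=11 is a constructed
# plain connection where startTLS succeeds and must not be flagged.
SAMPLE_LOG = """\
[07/Sep/2007:10:04:09 +0200] conn=10 fd=68 slot=68 SSL connection from <ip_src> to <ip_dst>
[07/Sep/2007:10:04:09 +0200] conn=10 SSL 256-bit AES
[07/Sep/2007:10:04:09 +0200] conn=10 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/Sep/2007:10:04:09 +0200] conn=10 op=0 RESULT err=1 tag=120 nentries=0 etime=0
[07/Sep/2007:10:04:09 +0200] conn=10 op=-1 fd=68 closed - B1
[07/Sep/2007:10:06:00 +0200] conn=11 fd=69 slot=69 connection from <ip_src> to <ip_dst>
[07/Sep/2007:10:06:00 +0200] conn=11 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/Sep/2007:10:06:00 +0200] conn=11 op=0 RESULT err=0 tag=120 nentries=0 etime=0
"""

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"
# Every access-log line starts with a bracketed timestamp and a conn= id.
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) (?P<rest>.*)$")


def find_starttls_over_ldaps(log_text):
    """Return [(conn, timestamp)] for connections that were opened as SSL
    (ldaps) and then had a startTLS extended operation rejected (err != 0)."""
    ssl_conns = set()   # conn ids whose first line said "SSL connection from"
    pending = {}        # conn id -> timestamp of a startTLS EXT awaiting RESULT
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, conn, rest = m.group("ts"), m.group("conn"), m.group("rest")
        if "SSL connection from" in rest:
            ssl_conns.add(conn)
        elif f'EXT oid="{STARTTLS_OID}"' in rest:
            pending[conn] = ts
        elif " RESULT err=" in rest and conn in pending:
            ts_ext = pending.pop(conn)
            err = int(re.search(r"err=(\d+)", rest).group(1))
            if conn in ssl_conns and err != 0:
                findings.append((conn, ts_ext))
    return findings


if __name__ == "__main__":
    for conn, ts in find_starttls_over_ldaps(SAMPLE_LOG):
        print(f"conn={conn} at {ts}: startTLS requested on an ldaps connection")
```

A hit means a client is combining ldaps:// (or port 636) with a StartTLS request; the client should use one or the other.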
[Fedora-directory-users] FDS 1.0.4 and DNS host filter based ACIs
by Peter Reuterås
Hi
I have a problem with ACIs on FDS 1.0.4. After upgrading a server from
FDS 1.0.2 to 1.0.4 "DNS host filter" based ACIs stopped working. We can
still use IP based ACIs for IPv4 access but not "DNS host filter". FDS is
running on a Red Hat Enterprise Linux 4.0 server.
Anybody else seen this problem?
/Peter
--
===========================================================================
Peter Reuterås Tel +46 8 7909558
SE-100 44 Stockholm, Sweden
[Fedora-directory-users] FDS & NIS sync.
by Andreas Kekkou
Hi all,
We are in the process of migrating our NIS domain to FDS and for some
time we have to run both systems. Since the current version of FDS does
not generate UIDs automatically, we are thinking of creating any new
accounts in NIS and exporting all info every night in ldif format. What
command/software do I have to use to import the ldif file into FDS?
Please bear in mind that we want to update the existing user info and
create any new users that might exist in the ldif file.
Regards,
Andreas
[Fedora-directory-users] error logging in first time
by Bob Wooden
I am new to Fedora Directory Server, but a Linux user of six or seven
years.
I have built a Fedora Core 6, selected the "web server" option on build
and installed the FDS 1.0.4 version. Located java and adjusted the
symbolic link. Did my FDS setup/setup and set all the defaults. When I
perform the ./startconsole command (within the fedora-ds directory), I
get the following error message:
Cannot connect to the Admin Server "http://******.***.***:43766"
The URL is not correct or the server is not running.
I have searched the mailing list archive and I am unable to locate any
reference to this error message.
What do I do now?
[Fedora-directory-users] deletion problem - multi-master
by Sam Smith
I have two masters and three replicas.
Master A works fine - I can add, modify, delete, and the changes
replicate OK.
Except that Master B cannot delete, either directly at the console, via
the command line, or via replication from master A. It can add and
modify just fine, and those changes replicate to the other master and
the replicas. But it can't delete.
The error message is simply LDAP OPERATIONS ERROR
Thanks for any help.
Sam Smith
[Fedora-directory-users] Directory size (/var/opt/netscape/server7)
by Rubin
Hi All,
A question of curiosity: I've set up a small ldap server (no slaves or
multimaster stuff) with about 50 users. I made a backup of the server7
directory (/var/opt/netscape/server7) before I changed anything and
started hacking away. Now, a couple of months later, everything is working
very well and I'm asked to migrate the server. I just made a new backup of
the server7 directory and to my amazement it is 10x as big. It started out
at 139m, and it is now 1.2g!
So the question is: What is taking up so much space when there are only 50
posixAccounts and 2 posixGroups?
For the record, I know this is not the way to backup a rhds server, I'm
reading about how to do a backup or dump "the right way" as we speak ;-)
Grtz,
Rubin.