OpenLDAP 2.3.4 TLS negotiation failure

Tian Zhiying Wed, 23 Oct 2013 01:49:42 -0700

Hi 

On the LDAP Server , I run following command is ok:
#ldapsearch -x -H ldap://ldap.server.com -ZZ 
#ldapsearch -x -H ldap://ldap.server.com


But on my client , I run "#ldapsearch -x -H ldap://ldap.server.com";, is ok;
Run "#ldapsearch -x -H ldap://ldap.server.com -ZZ" , I get the following error:
 [root@client cacerts]# ldapsearch -x -H ldap://ldap.server.com -ZZ
ldap_start_tls: Connect error (-11)

On LDAP Server log file, I get the following error messages:
Oct 23 16:41:25 auth slapd[4213]: conn=206 fd=24 ACCEPT from 
IP=192.168.9.9:45648 (IP=0.0.0.0:389)
Oct 23 16:41:25 auth slapd[4213]: conn=206 op=0 STARTTLS
Oct 23 16:41:25 auth slapd[4213]: conn=206 op=0 RESULT oid= err=0 text=
Oct 23 16:41:25 auth slapd[4213]: conn=206 fd=24 closed (TLS negotiation 
failure)

My client ldap configuration:
/etc/openldap/ldap.conf file:
URI ldap://ldap.server.com/
BASE dc=server,dc=com
TLS_CACERT /etc/openldap/cacerts/ca.crt
SSL ON
TLS_REQCERT demand

/etc/ldap.conf file:
BASE dc=server,dc=com
URI ldap://ldap.server.com
SSL ON
TLS_CACERT /etc/openldap/cacert/ca.crt
TLS_REQCERT demand

Any suggestion what cause TLS negotiation failure? 

Thanks!



Tian Zhiying

OpenLDAP 2.3.4 TLS negotiation failure

Reply via email to