On 21.05.25 at 10:48, Nick Milas wrote:
> Hello,
>
> I have managed to start the migrated LDAP server on Rocky 9, v2.6.9 LTB.
>
> It seems to be working fine, but I cannot connect over SSL (ldaps, port 636).
>
> I am trying to connect with Apache Directory Studio but it fails, although I
> am using the same certificate as on the original server (the cert covers both
> server names).
>
> I have enabled conns logging on the server and I see a connection coming in,
> but for some reason it fails (input error=-2):
>
> Could you please guide me to troubleshoot this?
>
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 busy
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
> *May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: accept() = 14*
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
> *May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: listen=9, new connection on 14
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: added 14r (active) listener=(nil)*
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
> *May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 fd=14 ACCEPT from IP=195.251.xxx.xxx:51334 (IP=0.0.0.0:636)*
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: 14r
> May 21 11:19:14 ldap1.noa.gr slapd[17512]:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: read active on 14
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: 14r
> May 21 11:19:14 ldap1.noa.gr slapd[17512]:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: read active on 14
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: 14r
> May 21 11:19:14 ldap1.noa.gr slapd[17512]:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: read active on 14
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
> *May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 fd=14 TLS established tls_ssf=256 ssf=256 tls_proto=TLSv1.3 tls_cipher=TLS_AES_256_GCM_SHA384*
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: 14r
> May 21 11:19:14 ldap1.noa.gr slapd[17512]:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: read active on 14
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
> *May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 op=0 BIND dn="uid=userx,ou=people,dc=noa,dc=gr" method=128
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 op=0 BIND dn="uid=userx,ou=people,dc=noa,dc=gr" mech=SIMPLE bind_ssf=0 ssf=256
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 op=0 RESULT tag=97 err=0 qtime=0.000034 etime=0.000475 text=*
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: activity on:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]:
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
> May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: activity on:
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: 14r
> May 21 11:19:44 ldap1.noa.gr slapd[17512]:
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: read active on 14
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
> *May 21 11:19:44 ldap1.noa.gr slapd[17512]: connection_read(14): input error=-2 id=1002, closing.
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: connection_closing: readying conn=1002 sd=14 for close
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: removing 14
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: conn=1002 fd=14 closed (connection lost)*
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: activity on 1 descriptor
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: activity on:
> May 21 11:19:44 ldap1.noa.gr slapd[17512]:
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=7 active_threads=0 tvp=NULL
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=8 active_threads=0 tvp=NULL
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=9 active_threads=0 tvp=NULL
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=10 active_threads=0 tvp=NULL
> May 21 11:19:44 ldap1.noa.gr slapd[17512]: daemon: epoll: listen=11 active_threads=0 tvp=NULL
>
> I have tried removing the olcTLSCipherSuite attribute, but it won't work anyway.
>
> As a side note, I see that logging is directed to the journal. Could I
> redirect it to a file instead? I have set olcLogFile, but logging is directed
> to the journal nevertheless.
>
> Thanks a lot,
> Nick
>
>
>
What is the output of your query with "-d -1" added to the command line?
What is the output of "openssl s_client -connect $SERVER:636"?
Can you query your server when you disable certificate checking in ldap.conf
("TLS_REQCERT allow")?
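The quoted journal output above is hard to read because the per-descriptor "daemon: epoll" lines swamp the few lines that carry the state of the connection. The script below is an added example (not code from the thread or from OpenLDAP) that reduces a slapd conns/stats log to one summary per conn=N: peer address, TLS protocol and cipher, binds and their result codes, the read error and the close reason, and the time between accept and close. The sample input is constructed from the conn=1002 lines of the log above with the epoll noise left out; nothing is inferred about the cause of the failure, the script only makes the sequence of events explicit.

```python
"""Summarize slapd 'conns'/'stats' log lines per connection (added example)."""
import re
from collections import OrderedDict
from datetime import datetime

# Constructed sample: the conn=1002 lines from the log quoted in the thread,
# without the per-descriptor "daemon: epoll ..." lines. Not a live capture.
SAMPLE_LOG = """\
May 21 11:19:14 ldap1.noa.gr slapd[17512]: daemon: accept() = 14
May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 fd=14 ACCEPT from IP=195.251.xxx.xxx:51334 (IP=0.0.0.0:636)
May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 fd=14 TLS established tls_ssf=256 ssf=256 tls_proto=TLSv1.3 tls_cipher=TLS_AES_256_GCM_SHA384
May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 op=0 BIND dn="uid=userx,ou=people,dc=noa,dc=gr" method=128
May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 op=0 BIND dn="uid=userx,ou=people,dc=noa,dc=gr" mech=SIMPLE bind_ssf=0 ssf=256
May 21 11:19:14 ldap1.noa.gr slapd[17512]: conn=1002 op=0 RESULT tag=97 err=0 qtime=0.000034 etime=0.000475 text=
May 21 11:19:44 ldap1.noa.gr slapd[17512]: connection_read(14): input error=-2 id=1002, closing.
May 21 11:19:44 ldap1.noa.gr slapd[17512]: conn=1002 fd=14 closed (connection lost)
"""

# syslog/journal prefix: "Mon DD HH:MM:SS host slapd[pid]: message"
PREFIX_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ slapd\[\d+\]: (?P<msg>.*)$")
ACCEPT_RE = re.compile(r"^conn=(?P<conn>\d+) fd=\d+ ACCEPT from IP=(?P<peer>\S+) \(IP=(?P<listener>\S+)\)")
TLS_RE = re.compile(r"^conn=(?P<conn>\d+) fd=\d+ TLS established .*tls_proto=(?P<proto>\S+) tls_cipher=(?P<cipher>\S+)")
# slapd logs a bind twice; only the second line carries mech=, so only it matches here
BIND_RE = re.compile(r'^conn=(?P<conn>\d+) op=(?P<op>\d+) BIND dn="(?P<dn>[^"]*)" mech=(?P<mech>\S+)')
RESULT_RE = re.compile(r"^conn=(?P<conn>\d+) op=(?P<op>\d+) RESULT tag=(?P<tag>\d+) err=(?P<err>\d+)")
READ_ERR_RE = re.compile(r"^connection_read\(\d+\): input error=(?P<err>-?\d+) id=(?P<conn>\d+)")
CLOSED_RE = re.compile(r"^conn=(?P<conn>\d+) fd=\d+ closed(?: \((?P<reason>[^)]*)\))?")


def _ts(text):
    # The stamp has no year; that is fine for deltas within one capture.
    return datetime.strptime(text, "%b %d %H:%M:%S")


def _new_conn(conn_id):
    return {"conn": conn_id, "accept_ts": None, "peer": None, "listener": None,
            "tls_proto": None, "tls_cipher": None, "binds": [], "results": [],
            "last_op": None, "read_error": None, "close_ts": None,
            "close_reason": None, "lifetime_s": None}


def parse_slapd_log(text):
    """Return an OrderedDict conn_id -> summary built from slapd log lines."""
    conns = OrderedDict()

    def get(conn_id):
        return conns.setdefault(int(conn_id), _new_conn(int(conn_id)))

    for line in text.splitlines():
        m = PREFIX_RE.match(line.strip())
        if not m:
            continue  # not a slapd line, or a bare journal entry with no message
        ts, msg = _ts(m["ts"]), m["msg"]
        if (a := ACCEPT_RE.match(msg)):
            get(a["conn"]).update(accept_ts=ts, peer=a["peer"], listener=a["listener"])
        elif (t := TLS_RE.match(msg)):
            get(t["conn"]).update(tls_proto=t["proto"], tls_cipher=t["cipher"])
        elif (b := BIND_RE.match(msg)):
            c = get(b["conn"])
            c["binds"].append((int(b["op"]), b["dn"], b["mech"]))
            c["last_op"] = max(c["last_op"] or 0, int(b["op"]))
        elif (r := RESULT_RE.match(msg)):
            c = get(r["conn"])
            c["results"].append((int(r["op"]), int(r["tag"]), int(r["err"])))
            c["last_op"] = max(c["last_op"] or 0, int(r["op"]))
        elif (e := READ_ERR_RE.match(msg)):
            get(e["conn"])["read_error"] = int(e["err"])
        elif (x := CLOSED_RE.match(msg)):
            c = get(x["conn"])
            c["close_ts"], c["close_reason"] = ts, x["reason"]
            if c["accept_ts"] is not None:
                c["lifetime_s"] = (ts - c["accept_ts"]).total_seconds()
    return conns


def triage(c):
    """Plain-language observations, derived only from the parsed fields."""
    notes = []
    if c["tls_proto"]:
        notes.append(f"TLS handshake completed: {c['tls_proto']} {c['tls_cipher']}")
    else:
        notes.append("no 'TLS established' line: the handshake never completed")
    for op, dn, mech in c["binds"]:
        err = next((e for o, _, e in c["results"] if o == op), None)
        notes.append(f"op={op} BIND dn={dn!r} mech={mech} -> err={err}")
    if c["read_error"] is not None:
        age = f"{c['lifetime_s']:.0f}s after accept" if c["lifetime_s"] is not None else "at unknown age"
        notes.append(f"socket read failed with input error={c['read_error']} {age}; "
                     f"last op seen was op={c['last_op']}")
    if c["close_reason"]:
        notes.append(f"closed: {c['close_reason']}")
    return notes


if __name__ == "__main__":
    for conn_id, summary in parse_slapd_log(SAMPLE_LOG).items():
        print(f"conn={conn_id} from {summary['peer']} on {summary['listener']}")
        for note in triage(summary):
            print("  -", note)
```

Feed it `journalctl -u slapd --no-pager` output (or the olcLogFile once that works) on stdin instead of SAMPLE_LOG to compare a failing Directory Studio session against a working ldapsearch one side by side; a connection that never logs "TLS established" and one that fails only after a successful BIND are different problems.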
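The three checks asked for in the reply (a verbose client run, an openssl s_client handshake, and a retry with certificate checking disabled) can be scripted so they are repeatable from any client host. The following is an added example in Python's standard library, not code from the thread, OpenLDAP or Apache Directory Studio: `probe_ldaps` performs the TLS handshake to port 636 with full chain and hostname validation, and on a verification failure repeats it with validation off, which is the client-side equivalent of `TLS_REQCERT allow`. `hostname_matches` is an assumed helper implementing the usual RFC 6125 rules (exact match or a single leftmost wildcard label) so you can confirm that the certificate's SANs really cover the name you connect to. The sample certificate dictionary used in the usage note is constructed; only the host names from the thread appear in it.

```python
"""Probe an ldaps:// endpoint the way openssl s_client does (added example)."""
import socket
import ssl
import sys


def san_dns_names(cert):
    """DNS entries from the subjectAltName of an ssl.getpeercert() dict."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def hostname_matches(hostname, dns_names):
    """RFC 6125-style match: exact (case-insensitive) or '*.example' covering
    exactly one label, so *.noa.gr matches ldap1.noa.gr but not noa.gr or
    a.b.noa.gr. This helper is an assumption of the example, not libldap code."""
    host = hostname.lower().rstrip(".")
    for name in dns_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "*" not in name[2:]:
            suffix = name[1:]                      # ".noa.gr"
            if host.endswith(suffix):
                prefix = host[: -len(suffix)]
                if prefix and "." not in prefix:
                    return True
    return False


def probe_ldaps(host, port=636, verify=True, cafile=None, timeout=5.0):
    """Complete a TLS handshake to host:port and report what was negotiated.

    verify=False mirrors 'TLS_REQCERT allow': the chain and hostname are not
    validated, so getpeercert() returns no parsed fields and only the raw
    certificate (as PEM) is available for 'openssl x509 -noout -text'.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # server_hostname sets SNI even when verification is off
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            sans = san_dns_names(cert) if cert else []
            return {
                "protocol": tls.version(),
                "cipher": tls.cipher()[0],
                "verified": verify,
                "san_dns": sans,
                "hostname_ok": hostname_matches(host, sans) if cert else None,
                "pem": ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True)),
            }


def main(argv):
    if len(argv) < 2:
        print(f"usage: {argv[0]} HOST [PORT] [CAFILE]", file=sys.stderr)
        return 2
    host = argv[1]
    port = int(argv[2]) if len(argv) > 2 else 636
    cafile = argv[3] if len(argv) > 3 else None
    try:
        info = probe_ldaps(host, port, verify=True, cafile=cafile)
    except ssl.SSLCertVerificationError as exc:
        # Same information TLS_REQCERT demand would hide behind a bare failure.
        print(f"verification failed: {exc.verify_message}; retrying without it")
        info = probe_ldaps(host, port, verify=False)
    for key in ("protocol", "cipher", "verified", "san_dns", "hostname_ok"):
        print(f"{key:12} {info[key]}")
    print(info["pem"])
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python3 probe.py ldap1.noa.gr 636 /path/to/ca.pem`. If the validated handshake succeeds here but Directory Studio still fails, the server-side TLS configuration is not the first place to look; if only the unvalidated retry succeeds, the printed SAN list and `hostname_ok` tell you whether it is a trust-store or a naming problem.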