I have configured OpenLDAP, and today I configured TLS in order to follow this guideline: configure OpenLDAP with TLS = required.
Modify cn=config with the .ldif config file:

dn: cn=config
changetype: modify
add: olcSecurity
olcSecurity: tls=1

And:

ldapmodify -Y EXTERNAL -H ldapi:/// -f mod_ssl.ldif
Now, when I try to do an ldapsearch, I get this error:

ldap_start_tls: Connect error (-11)
	additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.
ldap_result: Can't contact LDAP server (-1)
For example:

ldapsearch -Z -x -LLL "(uid=user1)" -d -1

The most relevant part of the log:
TLS: error: connect - force handshake failure: errno 2 - moznss error -8172
TLS: can't connect: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user..
ldap_err2string
ldap_start_tls: Connect error (-11)
	additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_dump: buf=0x7f11c7b6e960 ptr=0x7f11c7b6e960 end=0x7f11c7b6e96e len=14
  0000:  30 0c 02 01 02 60 07 02 01 03 04 00 80 00          0....`........
ber_scanf fmt ({i) ber:
ber_dump: buf=0x7f11c7b6e960 ptr=0x7f11c7b6e965 end=0x7f11c7b6e96e len=9
  0000:  60 07 02 01 03 04 00 80 00                         `........
ber_flush2: 14 bytes to sd 3
  0000:  30 0c 02 01 02 60 07 02 01 03 04 00 80 00          0....`........
ldap_write: want=14, written=14
  0000:  30 0c 02 01 02 60 07 02 01 03 04 00 80 00          0....`........
ldap_result ld 0x7f11c7add3f0 msgid 2
wait4msg ld 0x7f11c7add3f0 msgid 2 (infinite timeout)
wait4msg continue ld 0x7f11c7add3f0 msgid 2 all 1
** ld 0x7f11c7add3f0 Connections:
* host: localhost  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Wed Feb  4 16:22:56 2015

** ld 0x7f11c7add3f0 Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f11c7add3f0 request count 1 (abandoned 0)
** ld 0x7f11c7add3f0 Response Queue:
   Empty
  ld 0x7f11c7add3f0 response count 0
ldap_chkResponseList ld 0x7f11c7add3f0 msgid 2 all 1
ldap_chkResponseList returns ld 0x7f11c7add3f0 NULL
ldap_int_select
read1msg: ld 0x7f11c7add3f0 msgid 2 all 1
ber_get_next
ldap_read: want=8, got=0

ber_get_next failed.
ldap_err2string
ldap_result: Can't contact LDAP server (-1)
ldap_free_request (origid 2, msgid 2)
ldap_free_connection 1 1
ldap_free_connection: actually freed
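NSS error -8172 means the client's TLS library could not chain the server certificate to an issuer it trusts; the client trust store is configured in ldap.conf with TLS_CACERT (a PEM file) or TLS_CACERTDIR (for MozNSS builds, an NSS certificate database). The shell script below is an added example, not part of the original post: it reproduces that chain check offline with a constructed CA and server certificate, and assumes only that the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the original post). Reproduces, offline, the check
# behind NSS error -8172: does the server certificate chain to a CA that the
# client trusts? Assumes the openssl CLI is installed; every certificate used
# here is constructed in a temporary directory.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Constructed test PKI: the CA that signs the LDAP server certificate, plus an
# unrelated CA standing in for whatever the client currently trusts.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Lab LDAP CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other CA" \
    -keyout "$WORK/other.key" -out "$WORK/other.pem" >/dev/null 2>&1
openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
    -keyout "$WORK/srv.key" -out "$WORK/srv.csr" >/dev/null 2>&1
openssl x509 -req -days 1 -in "$WORK/srv.csr" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/srv.pem" >/dev/null 2>&1

# check_chain TRUST_STORE_PEM SERVER_CERT_PEM
# Prints "ok" when the server certificate chains to the given trust store and
# "untrusted" otherwise, which is the condition ldapsearch reports as -8172.
check_chain() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo ok
    else
        echo untrusted
    fi
}

# Against the issuing CA the chain validates; against an unrelated CA it fails
# the same way an LDAP client pointed at the wrong TLS_CACERT does.
check_chain "$WORK/ca.pem" "$WORK/srv.pem"      # ok
check_chain "$WORK/other.pem" "$WORK/srv.pem"   # untrusted

# Against a live server (OpenSSL 1.1.1 or newer), the same check is:
#   openssl s_client -starttls ldap -connect ldap.example.test:389 -CAfile ca.pem
# and "Verify return code: 0 (ok)" in its output means the CA file is the one
# to reference from TLS_CACERT in ldap.conf.
```

Point TLS_CACERT at the PEM file that makes check_chain print ok for the server's certificate, or import that CA into the NSS database named by TLS_CACERTDIR on MozNSS builds.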