2 Replies. Latest reply: Jan 8, 2010 4:04 PM by 807567

    Solaris 10 ldapclient problems

      Hi all,

      I currently have an Ubuntu 9.10 server running OpenLDAP protected with self signed certs. I am trying to set up my Solaris 10u8
      system as a client. I have followed the numerous online tutorials and websites, and originally had things working with Ubuntu 8.04 LTS.
      However, I currently get a failure when I try to run ldapclient init. The error on the client side is:

      LDAP ERROR (81): Error occurred during receiving results. Connection to server lost.

      And, on the server side in debug mode I see:

      conn=5 fd=16 ACCEPT from IP=XXX.XXX.XXX.XXX:33938 (IP=
      TLS: can't accept: A record packet with illegal version was received..
      conn=5 fd=16 closed (TLS negotiation failure)

      Oddly, if I perform an ldapsearch from the client like so:

      ldapsearch -vvv -h myldapserver.ucsd.edu -p 636 -ZZ -P /var/ldap/cert8.db -b "dc=ucsd,dc=edu" "objectclass=DUAConfigProfile"

      I get the correct results from my OpenLDAP server, and the server shows the following in debug mode:

      conn=6 fd=16 ACCEPT from IP=XXX.XXX.XXX.XXX:33939 (IP=
      conn=6 fd=16 TLS established tls_ssf=128 ssf=128
      conn=6 op=0 SRCH base="dc=ucsd,dc=edu" scope=2 deref=0 filter="(objectClass=DUAConfigProfile)"
      conn=6 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
      conn=6 op=1 UNBIND
      conn=6 fd=16 closed

      I am at a loss as to why the ldapsearch works correctly, and the server accepts the TLS connection, but the
      ldapclient command fails because the TLS connection fails.


        • 1. Re: Solaris 10 ldapclient problems
          What parameters are you supplying to ldapclient init ?
          • 2. Re: Solaris 10 ldapclient problems
            Thanks for looking.

            ldapclient -v init \
            -a proxyDN=cn=admin,dc=ucsd,dc=edu \
            -a proxyPassword="passwd" \
            -a domainName=ucsd.edu \
            -a profileName=tls_profile \
            -a certificatePath=/var/ldap/cert8.db \

            This is only a test client, so I am going to reinstall from scratch
            and try again. I did have it working with an older Ubuntu version
            using an older OpenLDAP server. The release I am playing with
            now uses GnuTLS, but the fact that the ldapsearch command
            works with TLS but ldapclient doesn't (which seems to be the
            reverse of what others have had problems with) is odd.

            I have also tried:

            ldapclient -v manual \
            -a credentialLevel=proxy \
            -a proxyDN=cn=admin,dc=ucsd,dc=edu \
            -a proxyPassword="password" \
            -a defaultSearchBase=dc=ucsd,dc=edu \
            -a defaultSearchScope=sub \
            -a domainName=ucsd.edu \
            -a serviceSearchDescriptor=passwd:dc=ucsd,dc=edu?sub \
            -a serviceSearchDescriptor=shadow:dc=ucsd,dc=edu?sub \
            -a serviceSearchDescriptor=group:dc=ucsd,dc=edu?sub \
            -a serviceAuthenticationMethod=pam_ldap:tls:simple \
            -a certificatePath=/var/ldap/cert8.db \
            -a authenticationMethod=tls:simple \
            -a defaultServerList="ldapslave.ucsd.edu ldapslave2.ucsd.edu"

            but this doesn't work either.
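The slapd log in the original post only says that GnuTLS received a record it could not parse as TLS; it does not say what the client actually sent. The following Python is an added diagnostic, not code from the thread: it classifies the first bytes of a client connection (as exported from a packet capture of the failing ldapclient run) into the framings that lead to that kind of negotiation failure, and includes a live probe against a host and port you supply. All byte strings in it are constructed samples.

```python
"""Classify what a client actually sent on a port where slapd expects TLS."""
import socket
import ssl

START_TLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation


def classify_first_bytes(data: bytes) -> str:
    """Return a label for the start of a client's byte stream."""
    if len(data) < 5:
        return "too short to classify"
    # TLS record layer: ContentType 0x16 (handshake), major version 3.
    if data[0] == 0x16 and data[1] == 0x03:
        names = {0: "SSLv3", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}
        return "TLS record, " + names.get(data[2], f"version 3.{data[2]}")
    # SSLv2-compatible ClientHello: 2-byte length with the high bit set,
    # then message type 1 (CLIENT-HELLO); there is no TLS record header.
    if data[0] & 0x80 and data[2] == 0x01:
        return "SSLv2-compatible ClientHello"
    # A BER SEQUENCE (0x30) at offset 0 is a plaintext LDAPMessage.
    if data[0] == 0x30:
        if START_TLS_OID in data:
            return "plaintext LDAP StartTLS request (client expects StartTLS, not LDAPS)"
        return "plaintext LDAP, no TLS"
    return "unrecognised"


def probe_ldaps(host: str, port: int = 636, timeout: float = 5.0) -> dict:
    """Open an implicit-TLS (LDAPS) handshake and report what was negotiated.

    Verification is off because this inspects the handshake itself, not an
    authenticated session. host and port are whatever you pass in.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"version": tls.version(), "cipher": tls.cipher()[0]}


if __name__ == "__main__":
    # Constructed samples, not captured traffic.
    samples = {
        "TLS 1.0 ClientHello": bytes.fromhex("160301002f0100002b"),
        "SSLv2 hello": bytes.fromhex("802e010301"),
        "StartTLS request": bytes.fromhex("301e02010177198017") + START_TLS_OID,
    }
    for name, data in samples.items():
        print(f"{name:20s} -> {classify_first_bytes(data)}")
```

Capture the first packet the client sends to port 636 (or 389) during `ldapclient init`, and compare its classification with the one from a working `ldapsearch -ZZ` run; a different framing on the failing connection points at the client-side TLS setting to look at.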