1 reply. Latest reply: May 7, 2014 3:27 PM by Mitch Patenaude

    LDAP client tls problems

    Mitch Patenaude

      So I've got a Solaris 11 ldap client which is talking to a couple of linux servers (one master in another data center, and a slave which is in the local data center.)


      When I have it talk to the master, it works fine:

      bash-4.1# ldapsearch -x -ZZ -h ldap-master.example.com -b 'ou=groups,dc=example,dc=com' cn=login-prod
      version: 1
      dn: cn=login-prod,ou=Groups,dc=example,dc=com
      objectClass: posixGroup
      objectClass: groupofuniquenames
      objectClass: top
      cn: login-prod
      [...]


      But when I talk to the local server it fails immediately:

      bash-4.1# ldapsearch -x -ZZ -h ldap-local.example.com -b 'ou=groups,dc=example,dc=com' cn=login-prod
      ldap_search: Can't contact LDAP server


      However, if I drop the TLS requirement (remove the -ZZ flag) it works fine.

      bash-4.1# ldapsearch -x -h ldap-local.example.com -b 'ou=groups,dc=example,dc=com' cn=login-prod
      version: 1
      dn: cn=login-prod,ou=Groups,dc=example,dc=com
      cn: login-prod
      [...]


      Now the weird thing is that the linux clients don't have any problem using TLS to either server, and I'm pretty sure it's not a certificate issue, but when I try to pass the debug flag (-d 1), I get the warning "compile with -DLDAP_DEBUG for debugging" and no extra info.


      Where should I be looking?


        Thanks,

          -- Mitch
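A way to see which of the two steps behind `-ZZ` actually fails, since the Solaris client gives no debug output: the StartTLS extended operation on port 389 and the TLS handshake that follows it can be driven separately. The script below is an added example written for this thread, not code from the original post or from any LDAP client. It encodes the StartTLS request (OID 1.3.6.1.4.1.1466.20037, RFC 4511 section 4.14), decodes the server's extended response so a refusal shows its result code and diagnostic message, and only then attempts the TLS handshake with certificate verification, so a chain or hostname problem is reported as an `ssl` error rather than as "Can't contact LDAP server". The hostnames and CA file path are placeholders supplied on the command line; the two sample responses at the bottom are constructed so the decoder can be exercised offline.

```python
"""Minimal LDAP StartTLS probe (added example; not from the thread).

Separates what ldapsearch -ZZ reports as one failure into two checks:
 1. the StartTLS extended operation on the plain LDAP port (RFC 4511 4.14),
 2. the TLS handshake with chain and hostname verification.
Hostname and CA file are placeholders passed on the command line.
"""
import socket
import ssl
import sys
from typing import Optional

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def build_starttls_request(msg_id: int = 1) -> bytes:
    """LDAPMessage { messageID, extendedReq [APPLICATION 23] { requestName [0] } }."""
    if not 1 <= msg_id <= 127:
        raise ValueError("this example only encodes single-octet message IDs")
    ext_req = ber_tlv(0x77, ber_tlv(0x80, STARTTLS_OID))  # 0x77 = APPLICATION 23, constructed
    return ber_tlv(0x30, ber_tlv(0x02, bytes([msg_id])) + ext_req)


def ber_read(buf: bytes, pos: int = 0):
    """Decode the element at pos; returns (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def parse_extended_response(msg: bytes) -> dict:
    """Decode extendedResp [APPLICATION 24]: LDAPResult fields plus optional responseName [10]."""
    tag, body, _ = ber_read(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = ber_read(body)
    tag, resp, _ = ber_read(body, pos)
    if tag != 0x78:
        raise ValueError("expected extendedResp, got tag 0x%02x" % tag)
    _, code, pos = ber_read(resp)          # resultCode ENUMERATED
    _, matched, pos = ber_read(resp, pos)  # matchedDN
    _, diag, pos = ber_read(resp, pos)     # diagnosticMessage
    out = {"message_id": int.from_bytes(mid, "big"),
           "result_code": int.from_bytes(code, "big"),
           "matched_dn": matched.decode("utf-8", "replace"),
           "diagnostic": diag.decode("utf-8", "replace"),
           "response_name": None}
    while pos < len(resp):                 # optional trailing components
        tag, val, pos = ber_read(resp, pos)
        if tag == 0x8A:                    # responseName [10]
            out["response_name"] = val.decode()
    return out


def _read_exact(sock: socket.socket, n: int) -> bytes:
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("server closed the connection")
        data += chunk
    return data


def recv_message(sock: socket.socket) -> bytes:
    """Read exactly one LDAPMessage: header first, then the announced length."""
    head = _read_exact(sock, 2)
    length = head[1]
    if length & 0x80:
        extra = _read_exact(sock, length & 0x7F)
        head, length = head + extra, int.from_bytes(extra, "big")
    return head + _read_exact(sock, length)


def probe_starttls(host: str, port: int = 389, cafile: Optional[str] = None,
                   timeout: float = 5.0) -> dict:
    """Run StartTLS, then the verified TLS handshake; needs network access."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_starttls_request())
        result = parse_extended_response(recv_message(sock))
        if result["result_code"] != 0:
            result["tls"] = "not attempted: server refused StartTLS"
            return result
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                result["tls"] = "ok (%s), subject=%s" % (tls.version(), tls.getpeercert().get("subject"))
        except ssl.SSLError as exc:  # certificate verification errors are SSLError subclasses
            result["tls"] = "handshake failed: %s" % exc
    return result


def sample_responses() -> dict:
    """Constructed responses (not captured from the thread's servers) for offline use."""
    ok = ber_tlv(0x30, ber_tlv(0x02, b"\x01") + ber_tlv(0x78,
        ber_tlv(0x0A, b"\x00") + ber_tlv(0x04, b"") + ber_tlv(0x04, b"") + ber_tlv(0x8A, STARTTLS_OID)))
    refused = ber_tlv(0x30, ber_tlv(0x02, b"\x02") + ber_tlv(0x78,
        ber_tlv(0x0A, b"\x35") + ber_tlv(0x04, b"") + ber_tlv(0x04, b"TLS not configured on this listener")))
    return {"success": parse_extended_response(ok), "refused": parse_extended_response(refused)}


if __name__ == "__main__":
    if len(sys.argv) < 2:
        for name, parsed in sample_responses().items():
            print(name, parsed)
    else:  # usage: python probe.py ldap-local.example.com [/path/to/ca.pem]
        print(probe_starttls(sys.argv[1], cafile=sys.argv[2] if len(sys.argv) > 2 else None))
```

Running it against both servers with the same CA file the Solaris client is configured with tells the two cases apart: a non-zero result code means the local server's listener is not offering StartTLS at all, while a zero result followed by a handshake error points at the certificate, chain or hostname check on the client side.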