[Freeipa-users] FreeIPA 2.1 - Authenticated LDAP search

Dan Scott danieljamesscott at gmail.com
Wed Sep 14 18:59:04 UTC 2011


Hi,

I'm trying to perform an authenticated LDAP search against a FreeIPA
server (Fedora 15, freeipa-server-2.1.0-1.fc15.x86_64).

When I run:

[root@kelvin ~]# ldapsearch -D "uid=guser,cn=users,cn=accounts,dc=example,dc=com" -w 'guserpassword' -b "cn=accounts,dc=example,dc=com" -h kelvin.example.com -v "uid=guser" -ZZ -c -d1

I receive the following error:

ldap_start_tls: Connect error (-11)
        additional info: TLS error -8172:Unknown code ___f 20

Full details shown in attachment.

Can anyone help me figure out what I'm doing wrong?

Thanks,

Dan Scott
http://danieljamesscott.org
-------------- next part --------------
[root@kelvin ~]# ldapsearch -D "uid=guser,cn=users,cn=accounts,dc=example,dc=com" -w 'guserpassword' -b "cn=accounts,dc=example,dc=com" -h kelvin.example.com -v "uid=guser" -ZZ -c -d1
ldap_initialize( ldap://kelvin.example.com )
ldap_create
ldap_url_parse_ext(ldap://kelvin.example.com)
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP kelvin.example.com:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 192.168.100.32:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 31 bytes to sd 3
ldap_result ld 0xb0d280 msgid 1
wait4msg ld 0xb0d280 msgid 1 (infinite timeout)
wait4msg continue ld 0xb0d280 msgid 1 all 1
** ld 0xb0d280 Connections:
* host: kelvin.example.com  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Wed Sep 14 14:52:28 2011


** ld 0xb0d280 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0xb0d280 request count 1 (abandoned 0)
** ld 0xb0d280 Response Queue:
   Empty
  ld 0xb0d280 response count 0
ldap_chkResponseList ld 0xb0d280 msgid 1 all 1
ldap_chkResponseList returns ld 0xb0d280 NULL
ldap_int_select
read1msg: ld 0xb0d280 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 95 contents:
read1msg: ld 0xb0d280 msgid 1 message type extended-result
ber_scanf fmt ({eAA) ber:
read1msg: ld 0xb0d280 0 new referrals
read1msg:  mark request completed, ld 0xb0d280 msgid 1
request done: ld 0xb0d280 msgid 1
res_errno: 0, res_error: <Start TLS request accepted.Server willing to negotiate SSL.>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ber_scanf fmt ({eAA) ber:
ber_scanf fmt (a) ber:
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
TLS: certificate [CN=Certificate Authority,O=EXAMPLE.COM] is not valid - error -8172:Unknown code ___f 20.
TLS: error: connect - force handshake failure: errno 21 - moznss error -8172
TLS: can't connect: TLS error -8172:Unknown code ___f 20.
ldap_err2string
ldap_start_tls: Connect error (-11)
        additional info: TLS error -8172:Unknown code ___f 20

