<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">On 01/31/2014 02:09 PM, Todd Maugh wrote: </div> <blockquote cite="mid:6FB698E172A95F49BE009B36D56F53E226A6D1@EXCHMB1-ELS.BWINC.local" type="cite"> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">thank you for the reply. here is the out put of the first command. I'm going to run the second now and will reply with that as well LDAPTLS_CACERTDIR=/etc/dirsrv/slapd-BOINGO-COM/ ldapsearch -d 1 -LLLx -ZZ -H <a class="moz-txt-link-freetext" href="ldap://qatestdc2.boingoqa.local">ldap://qatestdc2.boingoqa.local</a> -b "cn=idm admin,cn=users,dc=boingoqa,dc=local" -D "cn=idm admin,cn=users,dc=boingoqa,dc=local" -W 'objectclass=*' dn ldap_url_parse_ext(<a class="moz-txt-link-freetext" href="ldap://qatestdc2.boingoqa.local">ldap://qatestdc2.boingoqa.local</a>) ldap_create ldap_url_parse_ext(<a class="moz-txt-link-freetext" href="ldap://qatestdc2.boingoqa.local:389/??base">ldap://qatestdc2.boingoqa.local:389/??base</a>) ldap_extended_operation_s ldap_extended_operation ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP qatestdc2.boingoqa.local:389 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 10.194.55.48:389 ldap_pvt_connect: fd: 3 tm: -1 async: 0 ldap_open_defconn: successful ldap_send_server_request ber_scanf fmt ({it) ber: ber_scanf fmt ({) ber: ber_flush2: 31 bytes to sd 3 ldap_result ld 0x260a160 msgid 1 wait4msg ld 0x260a160 msgid 1 (infinite timeout) wait4msg continue ld 0x260a160 msgid 1 all 1 ** ld 0x260a160 Connections: * host: qatestdc2.boingoqa.local port: 389 (default) refcnt: 2 status: Connected last used: Fri Jan 31 21:07:43 2014 ** ld 0x260a160 Outstanding Requests: * msgid 1, origid 1, status InProgress outstanding referrals 0, parent count 0 ld 0x260a160 request count 1 (abandoned 0) ** ld 0x260a160 Response Queue: Empty ld 0x260a160 response count 0 ldap_chkResponseList ld 0x260a160 msgid 1 all 1 ldap_chkResponseList returns ld 0x260a160 NULL ldap_int_select read1msg: ld 0x260a160 msgid 1 all 1 ber_get_next ber_get_next: tag 0x30 len 40 contents: read1msg: ld 0x260a160 msgid 1 message type extended-result ber_scanf fmt ({eAA) ber: read1msg: ld 0x260a160 0 new referrals read1msg: mark request completed, ld 0x260a160 msgid 1 request done: ld 0x260a160 msgid 1 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 1, msgid 1) ldap_parse_extended_result ber_scanf fmt ({eAA) ber: ber_scanf fmt (a) ber: ldap_parse_result ber_scanf fmt ({iAA) ber: ber_scanf fmt (x) ber: ber_scanf fmt (}) ber: ldap_msgfree TLS: certdb config: configDir='/etc/dirsrv/slapd-BOINGO-COM/' tokenDescription='ldap(0)' certPrefix='' keyPrefix='' flags=readOnly TLS: using moznss security dir /etc/dirsrv/slapd-BOINGO-COM/ prefix . TLS: loaded CA certificate file /etc/ipa/ca.crt. </div> </blockquote> Can you provide your /etc/openldap/ldap.conf? <blockquote cite="mid:6FB698E172A95F49BE009B36D56F53E226A6D1@EXCHMB1-ELS.BWINC.local" type="cite"> <div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;"> TLS: certificate [CN=QATESTDC2.boingoqa.local] is not valid - error -8179:Peer's Certificate issuer is not recognized.. </div> </blockquote> This is saying QATESTDC2.boingoqa.local cannot be resolved - or the IP address does not match. This is usually a problem, but perhaps you have set your ldap.conf to continue despite this problem? <blockquote cite="mid:6FB698E172A95F49BE009B36D56F53E226A6D1@EXCHMB1-ELS.BWINC.local" type="cite"> <div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;"> TLS certificate verification: subject: CN=QATESTDC2.boingoqa.local, issuer: CN=SKYWARPCA,DC=boingoqa,DC=local, cipher: AES-128, security level: high, secret key bits: 128, total key bits: 128, cache hits: 0, cache misses: 0, cache not reusable: 0 Enter LDAP Password: ldap_sasl_bind ldap_send_initial_request ldap_send_server_request ber_scanf fmt ({it) ber: ber_scanf fmt ({i) ber: ber_flush2: 65 bytes to sd 3 ldap_result ld 0x260a160 msgid 2 wait4msg ld 0x260a160 msgid 2 (infinite timeout) wait4msg continue ld 0x260a160 msgid 2 all 1 ** ld 0x260a160 Connections: * host: qatestdc2.boingoqa.local port: 389 (default) refcnt: 2 status: Connected last used: Fri Jan 31 21:07:50 2014 ** ld 0x260a160 Outstanding Requests: * msgid 2, origid 2, status InProgress outstanding referrals 0, parent count 0 ld 0x260a160 request count 1 (abandoned 0) ** ld 0x260a160 Response Queue: Empty ld 0x260a160 response count 0 ldap_chkResponseList ld 0x260a160 msgid 2 all 1 ldap_chkResponseList returns ld 0x260a160 NULL ldap_int_select read1msg: ld 0x260a160 msgid 2 all 1 ber_get_next ber_get_next: tag 0x30 len 16 contents: read1msg: ld 0x260a160 msgid 2 message type bind ber_scanf fmt ({eAA) ber: read1msg: ld 0x260a160 0 new referrals read1msg: mark request completed, ld 0x260a160 msgid 2 request done: ld 0x260a160 msgid 2 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 2, msgid 2) ldap_parse_result ber_scanf fmt ({iAA) ber: ber_scanf fmt (}) ber: ldap_msgfree ldap_search_ext put_filter: "objectclass=*" put_filter: default put_simple_filter: "objectclass=*" ldap_send_initial_request ldap_send_server_request ber_scanf fmt ({it) ber: ber_scanf fmt ({) ber: ber_flush2: 85 bytes to sd 3 ldap_result ld 0x260a160 msgid -1 wait4msg ld 0x260a160 msgid -1 (infinite timeout) wait4msg continue ld 0x260a160 msgid -1 all 0 ** ld 0x260a160 Connections: * host: qatestdc2.boingoqa.local port: 389 (default) refcnt: 2 status: Connected last used: Fri Jan 31 21:07:50 2014 ** ld 0x260a160 Outstanding Requests: * msgid 3, origid 3, status InProgress outstanding referrals 0, parent count 0 ld 0x260a160 request count 1 (abandoned 0) ** ld 0x260a160 Response Queue: Empty ld 0x260a160 response count 0 ldap_chkResponseList ld 0x260a160 msgid -1 all 0 ldap_chkResponseList returns ld 0x260a160 NULL ldap_int_select read1msg: ld 0x260a160 msgid -1 all 0 ber_get_next ber_get_next: tag 0x30 len 59 contents: read1msg: ld 0x260a160 msgid 3 message type search-entry ldap_get_dn_ber ber_scanf fmt ({ml{) ber: dn: CN=IDM ADMIN,CN=Users,DC=boingoqa,DC=local ber_scanf fmt ({xx) ber: ldap_get_attribute_ber ldap_msgfree ldap_result ld 0x260a160 msgid -1 wait4msg ld 0x260a160 msgid -1 (infinite timeout) wait4msg continue ld 0x260a160 msgid -1 all 0 ** ld 0x260a160 Connections: * host: qatestdc2.boingoqa.local port: 389 (default) refcnt: 2 status: Connected last used: Fri Jan 31 21:07:50 2014 ** ld 0x260a160 Outstanding Requests: * msgid 3, origid 3, status InProgress outstanding referrals 0, parent count 0 ld 0x260a160 request count 1 (abandoned 0) ** ld 0x260a160 Response Queue: Empty ld 0x260a160 response count 0 ldap_chkResponseList ld 0x260a160 msgid -1 all 0 ldap_chkResponseList returns ld 0x260a160 NULL read1msg: ld 0x260a160 msgid -1 all 0 ber_get_next ber_get_next: tag 0x30 len 16 contents: read1msg: ld 0x260a160 msgid 3 message type search-result ber_scanf fmt ({eAA) ber: read1msg: ld 0x260a160 0 new referrals read1msg: mark request completed, ld 0x260a160 msgid 3 request done: ld 0x260a160 msgid 3 res_errno: 0, res_error: <>, res_matched: <> ldap_free_request (origid 3, msgid 3) ldap_parse_result ber_scanf fmt ({iAA) ber: ber_scanf fmt (}) ber: ldap_msgfree ldap_free_connection 1 1 ldap_send_unbind ber_flush2: 7 bytes to sd 3 ldap_free_connection: actually freed </div> </blockquote> </body> </html>