[Ltb-users] Fw: Ppolicy.la missing and Self Service password authenticate issue

Saurabh Ohri sam_ohri at yahoo.co.in
Tue Mar 11 14:55:32 CET 2014


Thanks Clément. Someone told me about that already. I am looking into the SSL issue but am not able to figure it out. Please help if you could, as I have been struggling to get OpenLDAP working for the past 2-3 weeks.

[root at xxx-xxx-xxx etc]# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /usr/local/openldap/dit.ldif -H ldaps://xxx-xxx-xxx.example.com
Enter LDAP Password:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Logs error:

TLS trace: SSL_accept:SSLv3 flush data
tls_read: want=5 error=Resource temporarily unavailable
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
531ecbee daemon: activity on 1 descriptor
531ecbee daemon: activity on:531ecbee
531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero
531ecbee daemon: activity on 1 descriptor
531ecbee daemon: activity on:531ecbee  11r531ecbee
531ecbee daemon: read active on 11
531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero
531ecbee connection_get(11)
531ecbee connection_get(11): got connid=1000
531ecbee connection_read(11): checking for input on id=1000
tls_read: want=5, got=5
  0000:  15 03 01 00 02                                     .....
tls_read: want=2, got=2
  0000:  02 30                                              .0
TLS trace: SSL3 alert read:fatal:unknown CA
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca.
531ecbee connection_read(11): TLS accept failure error=-1 id=1000, closing
531ecbee connection_closing: readying conn=1000 sd=11 for close
531ecbee connection_close: conn=1000 sd=11
531ecbee daemon: removing 11
531ecbee daemon: activity on 1 descriptor
531ecbee daemon: activity on:531ecbee
531ecbee daemon: epoll: listen=7 active_threads=0 tvp=zero
 
Please suggest.

Regards
Sam


> On 11 Mar 2014, at 9:31 pm, Clément OUDOT <clem.oudot at gmail.com> wrote:
> 
> 
> 
> 
> 2014-03-11 3:29 GMT+01:00 saurabh ohri <sam_ohri at yahoo.co.in>:
>>  
>> Regards
>> Saurabh
>> 9818925959
>> 
>> 
>> On Tuesday, 11 March 2014 10:26 AM, saurabh ohri <sam_ohri at yahoo.co.in> wrote:
>> Hi All,
>> 
>> I have installed openldap-ltb-2.4.39-2.el6.x86_64 on RHEL6.5 and configured password policy on it. Somehow I am unable to find ppolicy.la on the system. Also, password policies are not working.
> 
> 
> There is no ppolicy.la in LTB RPM, overlays are compiled into slapd.
>  
>> 
>> I thought of installing Self Service Password but it is also not authenticating.
>>  
>> 
>> [Mon Mar 10 16:42:52 2014] [error] [client xxx.xxx.xxx.xxx] LDAP - Bind error -1  (Can't contact LDAP server), referer: http://xxx-xxx-xxx.example.com/
>> ldap logs:
>> Mar 11 09:48:22 xxx-xxx-xxx slapd[27609]: connection_read(9): checking for input on id=1148
>> Mar 11 09:48:22 xxx-xxx-xxx slapd[27609]: connection_read(9): TLS accept failure error=-1 id=1148, closing
>> Mar 11 09:48:22 xxx-xxx-xxx slapd[27609]: connection_closing: readying conn=1148 sd=9 for close
>> 
>> Please help!!
> 
> 
> Seems an SSL configuration problem.
> 
> Clément.
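
The two hex dumps in the slapd debug log above (`15 03 01 00 02` and `02 30`) form one plaintext TLS alert record. As an added example that is not part of the original messages, this Python sketch reassembles the `tls_read` dumps and decodes the alert; the function names are hypothetical and the sample lines are copied from the log in this thread.

```python
import re

# Hex-dump line as printed in the slapd debug log: "  0000:  15 03 01 00 02   ....."
HEX_LINE = re.compile(r"^\s*[0-9a-fA-F]{4}:\s+((?:[0-9a-fA-F]{2}\s)+)")
LEVELS = {1: "warning", 2: "fatal"}
# Alert descriptions from RFC 5246 section 7.2 (subset)
DESCRIPTIONS = {
    0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 70: "protocol_version",
}

def read_bytes(log_text):
    """Collect the bytes of every hex dump that follows a 'tls_read:' line."""
    data, in_read = bytearray(), False
    for line in log_text.splitlines():
        if line.startswith("tls_read:"):
            in_read = True
        elif in_read and (m := HEX_LINE.match(line)):
            data += bytes.fromhex(m.group(1))
        else:
            in_read = False
    return bytes(data)

def decode_alerts(log_text):
    """Walk the TLS record stream and return every plaintext alert record."""
    data, pos, alerts = read_bytes(log_text), 0, []
    while pos + 5 <= len(data):
        ctype, major, minor = data[pos], data[pos + 1], data[pos + 2]
        length = int.from_bytes(data[pos + 3:pos + 5], "big")
        body = data[pos + 5:pos + 5 + length]
        if ctype == 0x15 and length == 2 and len(body) == 2:  # 0x15 = alert
            alerts.append({
                "version": f"{major}.{minor}",  # 3.1 is TLS 1.0
                "level": LEVELS.get(body[0], f"unknown({body[0]})"),
                "description": DESCRIPTIONS.get(body[1], f"unknown({body[1]})"),
            })
        pos += 5 + length
    return alerts

# Dump lines copied from the log in this thread
SAMPLE = """tls_read: want=5, got=5
  0000:  15 03 01 00 02                                     .....
tls_read: want=2, got=2
  0000:  02 30                                              .0
TLS trace: SSL3 alert read:fatal:unknown CA
"""

if __name__ == "__main__":
    print(decode_alerts(SAMPLE))
```

slapd logs this as an alert it read, so it was sent by the connecting client: `ldapadd` did not recognise the CA that issued the server certificate. On OpenLDAP clients the trusted CA file is set with `TLS_CACERT` in `ldap.conf`.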