search for: tlsciphersuite

The serverlog of openldap with loglevel "any": https://gwarband.de/openldap/openldap-connect.log Note: openldap waits 1 Minute before he says "TLS negotiation failure" after the connect. and dovecot says direct "Connect error" I've also delete the TLSCipherSuite from openldap. Tobias Am 2017-03-18 14:01, schrieb Tomas Habarta: > Increase log level on server side as well to see what the server > says... > You may remove anything in TLSCipherSuite for the purpose of testing > too. > > Hopefully anyone knowing OpenLDAP internals could h...

I have also tested with 2.2.28 and this version has the same issue. The finding of compatible ciphers is not the problem because I have uncommented the ldap entrys: TLSCipherSuite SECURE128:-ARCFOUR-128:-CAMELLIA-128-CBC:-3DES-CBC:-CAMELLIA-128-GCM TLSProtocolMin 3.1 Maybe you have further ideas. Am 2017-03-20 17:42, schrieb Aki Tuomi: >> On March 20, 2017 at 5:28 PM info at gwarband.de wrote: >> >> >> Can sombody say something...

Hi everybody I have setting my ldap server. But I created an certificate with the following command: cd /usr/share/ssl/certs; make ldap.pem Then edit slapd.conf file a insert the following lines: TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCACertificateFile /usr/share/ssl/certs/ldap.pem TLSCertificateFile /usr/share/ssl/certs/ldap.pem TLSCertificateKeyFile /usr/share/ssl/certs/ldap.pem I restart the service. Then, I run the comando authconfig and I select ldap with tls. I review the logs ldap server a thrown the...

...ny": >> https://gwarband.de/openldap/openldap-connect.log >> Note: openldap waits 1 Minute before he says "TLS negotiation >> failure" >> after the connect. >> and dovecot says direct "Connect error" >> >> I've also delete the TLSCipherSuite from openldap. >> >> Tobias >> >> Am 2017-03-18 14:01, schrieb Tomas Habarta: >>> Increase log level on server side as well to see what the server >>> says... >>> You may remove anything in TLSCipherSuite for the purpose of testing >>>...

...t; >> On March 20, 2017 at 8:14 PM info at gwarband.de wrote: >> >> >> I have also tested with 2.2.28 and this version has the same issue. >> >> The finding of compatible ciphers is not the problem because I have >> uncommented the ldap entrys: >> TLSCipherSuite >> SECURE128:-ARCFOUR-128:-CAMELLIA-128-CBC:-3DES-CBC:-CAMELLIA-128-GCM >> TLSProtocolMin 3.1 >> >> Maybe you have further ideas. >> >> Am 2017-03-20 17:42, schrieb Aki Tuomi: >>>> On March 20, 2017 at 5:28 PM info at gwarband.de wrote: &gt...

...problem is that I coudl not make it work, here I what I've done. This is what netstat shows. tcp 0 0 0.0.0.0:389 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:389 127.0.0.1:1873 ESTABLISHED tcp 0 0 :::389 :::* LISTEN tcp 0 0 :::636 :::* LISTEN in slapd.conf i have TLSCipherSuite HIGH:MEDIUM:+SSLv3 TLSCertificateFile /usr/local/etc/openldap/ssl/server.crt TLSCertificateKeyFile /usr/local/etc/openldap/ssl/server.key VerifyClient demand I created the certificate like this: openssl genrsa 2048 -out > server.key openssl req -new -key server.key -out server.csr openssl req...

...of openldap with loglevel "any": > https://gwarband.de/openldap/openldap-connect.log > Note: openldap waits 1 Minute before he says "TLS negotiation failure" > after the connect. > and dovecot says direct "Connect error" > > I've also delete the TLSCipherSuite from openldap. > > Tobias > > Am 2017-03-18 14:01, schrieb Tomas Habarta: >> Increase log level on server side as well to see what the server says... >> You may remove anything in TLSCipherSuite for the purpose of testing too. >> >> Hopefully anyone knowing Ope...

...nd.de wrote: >>>> >>>> >>>> I have also tested with 2.2.28 and this version has the same issue. >>>> >>>> The finding of compatible ciphers is not the problem because I have >>>> uncommented the ldap entrys: >>>> TLSCipherSuite >>>> SECURE128:-ARCFOUR-128:-CAMELLIA-128-CBC:-3DES-CBC:-CAMELLIA-128-GCM >>>> TLSProtocolMin 3.1 >>>> >>>> Maybe you have further ideas. >>>> >>>> Am 2017-03-20 17:42, schrieb Aki Tuomi: >>>>>> On...

I've replicate the settings from ldapsearch to dovecot but no success. To the certificate: Yes it's a *.crt file but I have linked the *.pem file to it and dovecot has read access to that file. I have enabled the debugging in dovecot and have uploaded the output: https://gwarband.de/openldap/dovecot-connect.log And the other site with ldapsearch:

...;>> https://gwarband.de/openldap/openldap-connect.log >>> Note: openldap waits 1 Minute before he says "TLS negotiation failure" >>> after the connect. >>> and dovecot says direct "Connect error" >>> >>> I've also delete the TLSCipherSuite from openldap. >>> >>> Tobias >>> >>> Am 2017-03-18 14:01, schrieb Tomas Habarta: >>>> Increase log level on server side as well to see what the server >>>> says... >>>> You may remove anything in TLSCipherSuite for the purpose...

...complete, can you try again? Aki > On March 20, 2017 at 8:14 PM info at gwarband.de wrote: > > > I have also tested with 2.2.28 and this version has the same issue. > > The finding of compatible ciphers is not the problem because I have > uncommented the ldap entrys: > TLSCipherSuite > SECURE128:-ARCFOUR-128:-CAMELLIA-128-CBC:-3DES-CBC:-CAMELLIA-128-GCM > TLSProtocolMin 3.1 > > Maybe you have further ideas. > > Am 2017-03-20 17:42, schrieb Aki Tuomi: > >> On March 20, 2017 at 5:28 PM info at gwarband.de wrote: > >> >...

...:14 PM info at gwarband.de wrote: > >> > >> > >> I have also tested with 2.2.28 and this version has the same issue. > >> > >> The finding of compatible ciphers is not the problem because I have > >> uncommented the ldap entrys: > >> TLSCipherSuite > >> SECURE128:-ARCFOUR-128:-CAMELLIA-128-CBC:-3DES-CBC:-CAMELLIA-128-GCM > >> TLSProtocolMin 3.1 > >> > >> Maybe you have further ideas. > >> > >> Am 2017-03-20 17:42, schrieb Aki Tuomi: > >>>> On March 20, 2017 at 5:2...

...ldap ssl = no working thanx Here my smb.conf: ldap server = localhost #ldap port = 389 ldap port = 636 ldap suffix = o=zolnott,dc=de ldap admin dn = uid=ldaproot,o=zolnott,dc=de ldap filter = (&(uid=%u)(objectclass=sambaAccount)) ldap ssl = start_tls Here my slapd.conf: TLSCipherSuite HIGH:MEDIUM:+SSLv2:RSA TLSCertificateFile /etc/openldap/www.zolnott.de-ldap-crt.pem TLSCertificateKeyFile /etc/openldap/www.zolnott.de-ldap-key-nopw.pem Here my log.smbd: [2003/02/18 01:40:12, 0] passdb/pdb_ldap.c:ldap_open_connection(182) Failed to issue the StartTLS instruction: Can't con...

Hi, sorry for the stupid question, but however i am following all howtos and tutorials it is not working 1) i have created CA certificate - /etc/pki/tls/misc/CA -newca 2) i have generated a new request - /etc/pki/tls/misc/CA -newreq 3) i have signed certificate /etc/pki/tls/misc/CA -signreq SO i have CA in /etc/pki/CA i have newkey.pem i have newcert.pem i have also cealrkey.pem (without

...>> >>>>> >>>>> I have also tested with 2.2.28 and this version has the same issue. >>>>> >>>>> The finding of compatible ciphers is not the problem because I have >>>>> uncommented the ldap entrys: >>>>> TLSCipherSuite >>>>> SECURE128:-ARCFOUR-128:-CAMELLIA-128-CBC:-3DES-CBC:-CAMELLIA-128-GCM >>>>> TLSProtocolMin 3.1 >>>>> >>>>> Maybe you have further ideas. >>>>> >>>>> Am 2017-03-20 17:42, schrieb Aki Tuomi: >&g...

Can sombody say something about this request? This is an email from the openldap-technical mailinglist from openldap. Systemdetails are mention in the other email. -------- Originalnachricht -------- Betreff: Re: Dovecot can't connect to openldap over starttls Datum: 2017-03-20 16:18 Absender: Dan White <dwhite at cafedemocracy.org> Empf?nger: info at gwarband.de Kopie:

...3 Open source LDAP client implementation with SASL2 support openldap-sasl-server-2.4.23 Open source LDAP server implementation I have setup the certificate chain in my slapd.conf like so: [root at LBSD2:/usr/home/bluethundr]#grep -i tls /usr/local/etc/openldap/slapd.conf## TLS options for slapd TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCertificateFile /usr/local/etc/openldap/cacerts/LBSD2.summitnjhome.com.crt TLSCertificateKeyFile /usr/local/etc/openldap/cacerts/slapd.pem TLSCACertificateFile /usr/local/etc/openldap/cacerts/sf_issuing.crt I have tried each of the following certs with no luck in getting my...

Increase log level on server side as well to see what the server says... You may remove anything in TLSCipherSuite for the purpose of testing too. Hopefully anyone knowing OpenLDAP internals could help you analyse it more deeply. Tomas On 03/18/2017 01:31 PM, info at gwarband.de wrote: > I've replicate the settings from ldapsearch to dovecot but no success. > To the certificate: > Yes it's a...

.../openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/samba.schema allow bind_v2 passwd-hash {SSHA] pidfile /var/run/slapd.pid TLSCipherSuite HIGH:MEDIUM:+SSLv2 TLSCACertificateFile /var/ssl/cacert.pem TLSCertificateFile /var/ssl/ldapcrt.pem TLSCertificateKeyFile /var/ssl/ldapkey.pem TLSVerifyClient 0 security ssf=1 update_ssf=112 simple_bind=64 access to dn=".*,dc=soil,dc=ncsu,dc=edu" attr=userPassword by dn="cn...

...ateKeyFile /etc/ssl/ldapkey.pem # privater Schluessel # equivalent to TLS_CERT TLSCACertificateFile /etc/ssl/demoCA/cacert.pem # Certificate Authority # this is equivalent to TLS_REQCERT #TLSVerifyClient allow #TLSVerifyClient try #TLSVerifyClient demand #Verfahrensweise TLSCipherSuite HIGH:MEDIUM:+SSLv2 ####################################################################### # BDB database definitions ####################################################################### database bdb suffix "dc=redcor,dc=ch" checkpoint 1024 5 cachesize 10000 roo...