Look closer: you have starttls in your config next to the ssl directive. This tells the ldap commands to use starttls by default.

On 7 May 2013 11:29, "Aziza Lichir" <aziza.lichir@gmail.com> wrote:
Now I've changed uri in both files, /etc/ldap.conf and /etc/openldap/ldap.conf:
uri ldap://srv-ds-38.meyclub.net

and it's working just like before. Here are the logs:

[07/May/2013:11:20:58 +0200] conn=200 fd=69 slot=69 connection from 192.168.1.103 to 192.168.1.112
[07/May/2013:11:20:58 +0200] conn=200 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/May/2013:11:20:58 +0200] conn=200 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[07/May/2013:11:20:58 +0200] conn=200 SSL 256-bit AES
[07/May/2013:11:20:58 +0200] conn=200 op=1 BIND dn="" method=128 version=3
[07/May/2013:11:20:58 +0200] conn=200 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[07/May/2013:11:20:58 +0200] conn=200 op=2 SRCH base="dc=meyclub,dc=net" scope=2 filter="(&(objectClass=posixAccount)(uid=user1))" attrs="uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass"
[07/May/2013:11:20:58 +0200] conn=200 op=2 RESULT err=0 tag=101 nentries=1 etime=0


And on the server side, when I do netstat -ntap, all I see is this for
tcp        0      0 ::ffff:192.168.1.112:389    ::ffff:192.168.1.103:46296  ESTABLISHED 19414/ns-slapd
tcp        0      0 ::ffff:192.168.1.112:389    ::ffff:192.168.1.103:46301  ESTABLISHED 19414/ns-slapd
tcp        0      0 ::ffff:192.168.1.112:389    ::ffff:192.168.1.103:46294  ESTABLISHED 19414/ns-slapd
tcp        0      0 ::ffff:192.168.1.112:389    ::ffff:192.168.1.76:4824    ESTABLISHED 19414/ns-slapd
tcp        0      0 ::ffff:192.168.1.112:389    ::ffff:192.168.1.103:46298  ESTABLISHED 19414/ns-slapd
tcp        0      0 ::ffff:192.168.1.112:389    ::ffff:192.168.1.103:46295  ESTABLISHED 19414/ns-slapd
tcp        0      0 ::ffff:192.168.1.112:636    ::ffff:192.168.1.76:4715    ESTABLISHED 19414/ns-slapd

So I don't get it; maybe I didn't understand the use of TLS/SSL very well, or I'm missing something.

Thanks for your help.




___________________________________________________________
Aziza Lichir


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
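
The access log quoted in this thread shows why a port 389 connection in netstat can still be encrypted: the startTLS extended operation upgrades it in place. The following is an added example, not part of the original thread, that classifies each connection in such a log. The sample lines are constructed (conn=200 mirrors the quoted log; conn=201 and conn=202 are hypothetical), and it assumes that a cipher line with no preceding startTLS operation means an LDAPS connection and that newer servers may write the cipher line with a `TLS...` prefix.

```python
import re

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # OID shown in the quoted access log
LINE = re.compile(r"^\[[^\]]+\] conn=(\d+) (.*)$")
CIPHER = re.compile(r"^(SSL|TLS\S*) \d+-bit ")  # e.g. "SSL 256-bit AES"
DATA_OP = re.compile(r"^op=\d+ (BIND|SRCH|MOD|ADD|DEL|CMP|MODRDN)\b")

# Constructed sample input (see lead-in for which lines are hypothetical).
SAMPLE = """\
[07/May/2013:11:20:58 +0200] conn=200 fd=69 slot=69 connection from 192.168.1.103 to 192.168.1.112
[07/May/2013:11:20:58 +0200] conn=200 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[07/May/2013:11:20:58 +0200] conn=200 op=0 RESULT err=0 tag=120 nentries=0 etime=0
[07/May/2013:11:20:58 +0200] conn=200 SSL 256-bit AES
[07/May/2013:11:20:58 +0200] conn=200 op=1 BIND dn="" method=128 version=3
[07/May/2013:11:21:02 +0200] conn=201 fd=70 slot=70 connection from 192.168.1.103 to 192.168.1.112
[07/May/2013:11:21:02 +0200] conn=201 op=0 BIND dn="" method=128 version=3
[07/May/2013:11:21:05 +0200] conn=202 SSL 256-bit AES
[07/May/2013:11:21:05 +0200] conn=202 op=0 BIND dn="" method=128 version=3
"""

def classify(log_text):
    """Map each conn id to 'starttls', 'ldaps', 'cleartext' or 'no-ops'."""
    state = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        conn, rest = int(m.group(1)), m.group(2)
        s = state.setdefault(conn, {"starttls": False, "enc": False, "clear_ops": 0})
        if f'oid="{STARTTLS_OID}"' in rest:
            s["starttls"] = True
        elif CIPHER.match(rest):
            s["enc"] = True
        elif DATA_OP.match(rest) and not s["enc"]:
            s["clear_ops"] += 1  # operation sent before any cipher was negotiated
    result = {}
    for conn, s in state.items():
        if s["clear_ops"]:
            result[conn] = "cleartext"
        elif s["enc"]:
            result[conn] = "starttls" if s["starttls"] else "ldaps"
        else:
            result[conn] = "no-ops"
    return result

if __name__ == "__main__":
    for conn, label in sorted(classify(SAMPLE).items()):
        print(conn, label)
```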