Re: [squid-users] LDAP & Novell

From: Tim Bernhardson <[email protected]>
Date: Tue, 17 Dec 2002 08:26:20 -0800

Yes, we are running an SSL enabled ldap server.

The connection starts then fails (the message on the Novell Server is - SSL handshake failed, Error -25).

I've looked up what documentation I can find and error # 25 is not listed...

I did export the Root cert from Novell (and convert it from DER to PEM), and add the line CAPath=<directory> to the ldap.conf file.

When I have a chance today I will be placing a question about the 25 error on one of the Novell Forums to see if anyone there has an idea.

Tim
>>> "Dan Cave" <mogul@totalise.co.uk> 12/17/02 03:16AM >>>
Tim,

Is your Novell NDS server running an SSL enabled ldap server? You need to
make sure that any connections between your squid box and novell server
must be ssl'd (if that's what you want to achieve, otherwise normal)

Does your squid server have a valid ssl certificate?

Try doing a strace/lsof/ptrace of your squid process to see what's going on
when you try and connect to the novell box. That'll point you in the right
direction.

dan

----- Original Message -----
From: "Tim Bernhardson" <TBERNHAR@sunmaid.com>
To: <squid-users@squid-cache.org>
Sent: Monday, December 16, 2002 6:41 PM
Subject: RE: [squid-users] LDAP & Novell

I am at the same point Jay is at in attempting to get ldap authentication
via SSL to Novell NDS.

When I try squid_ldap_auth (or ldapsearch) from the command line I get the
message "squid_ldap_auth: WARNING, could not bind to binddn 'Can't contact
LDAP server'" (if I take out the SSL options it works fine).

I'm thinking at this point that it is a problem between openssl & Novell
since I can connect to the Novell server & do queries with no problems using
a Java Utility (ldapbrowser) that uses JSSE instead of OpenSSL.

Does anyone have this running against Novell NDS using SSL with the Novell
server using self signed certificates (I ran the command 'openssl
s_client -connect novellserver:636' to double check the SSL Cert and the
only error that came up was that it was a self signed certificate).

Tim Bernhardson
Senior Technical Engineer
Certified Citrix Metaframe Administrator
Certified CyberGuard Administrator
Certified AIX 4.3 System Administrator
Sun-Maid Growers of California
7273 Murray Drive, Ste 18
Stockton, CA 95210

tbernhar at sunmaid dot com
Received on Tue Dec 17 2002 - 09:30:49 MST
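
Added example, not part of the original thread: a self-contained check of the DER-to-PEM conversion and of how OpenSSL looks up a self-signed root in a CApath-style directory, where a certificate is found only through a `<subject-hash>.0` name. The certificate, subject name, directory names and function names are all constructed for the demo, and it assumes the LDAP client's TLS library is OpenSSL.

```shell
#!/bin/sh
# Added example: every certificate here is generated on the spot
# (constructed sample data); nothing comes from the servers in the thread.

# Stand-in for the exported root: a throwaway self-signed cert, saved as DER.
make_sample_root_der() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/O=EXAMPLE-TREE/CN=Constructed Root CA" \
        -keyout "$1/root.key" -out "$1/tmp.pem" 2>/dev/null &&
    openssl x509 -in "$1/tmp.pem" -outform DER -out "$1/root.der"
}

# DER -> PEM, the conversion described in the message.
der_to_pem() {
    openssl x509 -inform DER -in "$1" -outform PEM -out "$2"
}

# Install a PEM cert into a CApath-style directory. OpenSSL finds certs
# there by <subject-hash>.0, so a plain copy without this link is ignored.
install_in_capath() {
    cp "$1" "$2/" &&
    h=$(openssl x509 -in "$1" -noout -hash) &&
    ln -sf "$(basename "$1")" "$2/$h.0"
}

# Print "trusted" or "untrusted" for cert $2 checked against CApath dir $1.
check_trust() {
    if openssl verify -CApath "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
        echo trusted
    else
        echo untrusted
    fi
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/plain" "$work/hashed"
    make_sample_root_der "$work" || return 1
    der_to_pem "$work/root.der" "$work/root.pem" || return 1
    cp "$work/root.pem" "$work/plain/"                 # copied, no hash link
    install_in_capath "$work/root.pem" "$work/hashed"  # copied plus hash link
    p=$(check_trust "$work/plain" "$work/root.pem")
    q=$(check_trust "$work/hashed" "$work/root.pem")
    rm -rf "$work"
    echo "plain=$p hashed=$q"
}
demo
```

Running `openssl verify` without the `grep` against the plain directory prints the reason for the failure.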
