
ssl connection from an openLDAP client to an IBM LDAP

I've got problems connecting securely (SSL) to an IBM LDAP server using an openLDAP client.

A connection like the following, which does not use SSL, works fine:

ldapsearch -h <LDAP server host name> -D <bind dn> -w ? -b <base dn> <filter>

But when I add the -Z option to use a secure LDAP connection (SSL), as shown in the following ldapsearch, an error occurs:

ldapsearch -h <LDAP server host name> -Z -D <bind dn> -w ? -b <base dn> <filter>

The error says:

ldap_simple_bind: Can't contact LDAP server
Attempted communication over SSL.
  The extended error is 116.

Here I found out that I have to add ssl start_tls to the client's configuration file (ldap.conf) to enable SSL in openLDAP: http://www.openldap.org/faq/data/cache/185.html

After reading the description above I'm not sure if the author is dealing with an openLDAP client and an openLDAP server, and if this is the only change that has to be made to make the connection work.

Does anybody here know if it is possible to connect from an openLDAP client to an IBM LDAP server using an SSL connection?

Does anybody have experience with this topic?

Thanks a lot!

IBM's website has a discussion of this error.

It lists a number of possibilities, mostly server side: keys not being in the keystore, keys being expired, or the server not using port 636. So you can look at this and see if it helps you.

As far as I know, OpenSSL no longer provides CA signer certificates in its trust store (i.e., the CA cert file). Therefore, you will have to configure OpenLDAP's ldapsearch through the file .ldaprc or ldap.conf to specify the location of the trust store that has the signer certificates for your LDAP server. Something like this:

TLS_CACERT /usr/ssl/certs/my.ldapserver.certs.pem
# TLS_CACERTDIR /usr/ssl/certs/
TLS_REQCERT never|allow|try|demand|hard

See

http://www.openldap.org/software/man.cgi?query=ldap.conf&format=html

http://www.openldap.org/faq/data/cache/185.html

for more details.
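Putting the two answers together as a concrete, checkable procedure. This is an added example, not code from either answer or from IBM/OpenLDAP; the host name, file paths and the LDAP_HOST/BIND_DN/BASE_DN variables it reads are assumptions. It fetches the certificate chain the IBM server presents so the signer can be saved as TLS_CACERT, writes a client config that keeps TLS_REQCERT at demand (the secure default) instead of the tempting never, and distinguishes the two transports: OpenLDAP's -Z means StartTLS on the plain port (-ZZ makes a failed StartTLS fatal instead of silently continuing in clear), while port 636 from the first answer is LDAPS, which is selected with -H ldaps://... and no -Z at all.

```shell
#!/bin/sh
# Added example, not part of the original answers. Assumed: the IBM server
# offers LDAPS on 636 and/or StartTLS on 389, openssl and OpenLDAP's
# ldapsearch are installed, and LDAP_HOST/BIND_DN/BASE_DN are set by the
# caller (those variable names are an assumption of this script).
set -eu

# Write an OpenLDAP client config that pins the signer CA and demands a
# verified server certificate. Prints the path of the file it wrote.
write_ldaprc() {
  cacert="$1"
  rc="${2:-$HOME/.ldaprc}"
  cat >"$rc" <<EOF
# OpenLDAP client TLS settings
TLS_CACERT $cacert
TLS_REQCERT demand
# TLS_REQCERT never would also make the connection succeed, but the client
# would then accept any certificate, including an attacker's.
EOF
  printf '%s\n' "$rc"
}

# Return 0 when the config verifies the server certificate (demand or hard,
# or no directive at all, since demand is OpenLDAP's default), 1 otherwise.
reqcert_is_strict() {
  val=$(awk 'toupper($1) == "TLS_REQCERT" { v = $2 } END { print v }' "$1")
  case "${val:-demand}" in
    demand|hard) return 0 ;;
    *)           return 1 ;;
  esac
}

# Pull the certificate chain the server presents so its signer can be saved
# as TLS_CACERT. Needs network access; run by hand, e.g.
#   fetch_chain ldap.example.com 636 > ibm-ldap-chain.pem
fetch_chain() {
  openssl s_client -showcerts -connect "$1:${2:-636}" </dev/null 2>/dev/null \
    | awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/'
}

# Two distinct ways to get TLS from OpenLDAP's ldapsearch:
#   LDAPS on 636:     -H ldaps://host:636      (do NOT add -Z here)
#   StartTLS on 389:  -H ldap://host:389 -ZZ   (-ZZ aborts if TLS fails)
search_ldaps() {
  ldapsearch -H "ldaps://$1:636" -x -D "$2" -W -b "$3" "${4:-(objectClass=*)}"
}

search_starttls() {
  ldapsearch -H "ldap://$1:389" -ZZ -x -D "$2" -W -b "$3" "${4:-(objectClass=*)}"
}

# Only talk to a server when the caller asked for it.
if [ -n "${LDAP_HOST:-}" ]; then
  fetch_chain "$LDAP_HOST" > "$PWD/ibm-ldap-chain.pem"
  rc=$(write_ldaprc "$PWD/ibm-ldap-chain.pem" "$PWD/.ldaprc")
  reqcert_is_strict "$rc"
  # LDAPCONF points the client at this file instead of the system ldap.conf.
  LDAPCONF="$rc" search_ldaps "$LDAP_HOST" "$BIND_DN" "$BASE_DN"
fi
```

Run it as `LDAP_HOST=<host> BIND_DN=<bind dn> BASE_DN=<base dn> sh ldap-tls.sh`; it will prompt for the bind password. Inspect ibm-ldap-chain.pem before trusting it (openssl x509 -noout -subject -issuer -in ...), since whatever you pin there is what the client will trust from now on. If the server only offers StartTLS, call search_starttls instead of search_ldaps. A handshake that only works with TLS_REQCERT never means the signer is not in TLS_CACERT, or the certificate's name or validity does not match, which is exactly the server-side list from the IBM page.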
