2016-09-16

OpenLDAP - TDS - Can't contact LDAP server (-1)

I want to try connecting to a TDS server via ldapsearch. First, I downloaded "OpenLDAP", but now with the command:

```
ldapsearch -H ldaps://myhostadress:636
```

I always get the following error:

```
ldap_sasl_interactive_bind_s: Can't contact LDAP serv
additional info: error:14090086:SSL routines:
:certificate verify failed (self signed certificate)
```

I added "-d1" to my command for detailed output and got:

```
ldap_url_parse_ext(ldaps://xxx:636)
ldap_create
ldap_url_parse_ext(ldaps://xxxx:636/??base)
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP xxxxx:636
ldap_new_socket: 360
ldap_prepare_socket: 360
ldap_connect_to_host: Trying 9.xxxxxx:636
ldap_pvt_connect: fd: 360 tm: -1 async: 0
attempting to connect:
connect success
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 18, subject: /O=org/OU=OrgUnit
Germany/CN=xxxxx, issuer: /O=org/OU=OrgUnit
Germany/CN=xxxx
TLS certificate verification: Error, self signed certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in error
TLS trace: SSL_connect:error in error
TLS: can't connect: error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate).
ldap_msgfree
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
    additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate)
```

I think this has something to do with the SSL certificate!? I have read some other threads about similar problems. After that, I asked my admin for the SSL certificate and got a .pem file with the following structure (this is only an excerpt):

```
-----BEGIN CERTIFICATE----
mcdp+Kh5Zd3YOttXbjemxIvwfRvPd/Ho4VtBsi5yJT5DSehL4L8ZN
DKaSL6BQ5MlQ1bsmQQ04PKNBrPKFFIiadi9QsFrUiNCQSKDLSKDSK
XbjemxIvwfRvPd/Ho4VtBsi5yJT5DSehL4L8ZNIUWEISNSDJKLSDJ
DKaUiNCXbjemxIvwfRvPdHo4VtBsi5yJT5DSSDKOSOÖDKJLSDJKSD
hL4L8ZNL6BQ5MlQ1bsmQQ04PKNBrPKFFIiadi9QsFrUiNCJKLSADN
.....................................................
.....................................................
-----END CERTIFICATE-----
```

What do I have to do now? The OpenLDAP folder for certificates is

`C:\OpenLDAP-2.4.43\etc\certs`

and the one for the config file is

`C:\OpenLDAP-2.4.43\etc\openldap`

I did what is explained in "Performing ldapsearch over TLS/SSL against Active Directory" and added this to my ldap.conf:

```
HOST hostxyz.com
PORT 636
TLS_CACERT \etc\certs\trustKey.cer  // C:\OpenLDAP-2.4.43\etc\cert\trustKey.cer ; .pem file changed into .cer file
TLS_REQCERT demand
```

Then I tried to call `ldapmodify -H ldaps://hostxyz.com:636`, but I always get the error mentioned above.

Regards


Possible duplicate of [ldapsearch over ssl/tls doesn't work](http://stackoverflow.com/questions/9468137/ldapsearch-over-ssl-tls-doesnt-work) –


I tried to adjust it, but it still doesn't work, so I updated my question. – InfoEngi

Answers


I also got a file "trustKeyStore.jks" and I tried

```
ldapsearch -h ldaps://myhostadress.com -K c:/truststore.jks
```

Then I get the error that -K is an invalid option. But I have read that "-k" is the parameter for the trustedkeyStore.
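
A pre-flight format check for the two files shown in the question (the CA `.pem` and `ldap.conf`), added here as an example and not part of the original thread. It relies on two documented facts: PEM armor lines use exactly five hyphens on each side, and ldap.conf(5) treats only lines beginning with `#` as comments and marks HOST/PORT as deprecated in favour of URI. The function names and sample inputs are constructed.

```python
import base64
import re

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
B64_LINE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

def check_pem(text):
    """Return format problems in the text of a single-certificate PEM file."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    problems = []
    if not lines or lines[0] != BEGIN:
        problems.append("first line is not exactly " + BEGIN)
    if not lines or lines[-1] != END:
        problems.append("last line is not exactly " + END)
    body = lines[1:-1]
    bad = [i + 2 for i, ln in enumerate(body) if not B64_LINE.match(ln)]
    if bad:
        problems.append("non-base64 characters on line(s) %s" % bad)
        return problems
    try:
        der = base64.b64decode("".join(body), validate=True)
    except ValueError:
        return problems + ["body is not valid base64"]
    if not der.startswith(b"\x30"):  # a DER certificate is an ASN.1 SEQUENCE
        problems.append("decoded body is not a DER SEQUENCE")
    return problems

def check_ldap_conf(text):
    """Return problems in ldap.conf text (only lines starting with '#' are comments)."""
    problems = []
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0].upper(), parts[1] if len(parts) > 1 else ""
        if key in ("HOST", "PORT"):
            problems.append("line %d: %s is deprecated in favour of URI" % (n, key))
        if key == "TLS_CACERT" and re.search(r"\s(//|#)", value):
            problems.append("line %d: trailing text is read as part of the path" % n)
    return problems

# Constructed samples: a minimal DER SEQUENCE stands in for a real certificate.
GOOD_PEM = "\n".join([BEGIN, base64.b64encode(b"\x30\x03\x02\x01\x00").decode(), END])
BAD_PEM = "-----BEGIN CERTIFICATE----\nMIIB\u00d6AAA\n" + END  # 4 hyphens, non-base64 char
POSTED_CONF = ("HOST hostxyz.com\nPORT 636\n"
               "TLS_CACERT \\etc\\certs\\trustKey.cer  // note\nTLS_REQCERT demand\n")

if __name__ == "__main__":
    for name, result in [("good pem", check_pem(GOOD_PEM)), ("bad pem", check_pem(BAD_PEM)),
                         ("posted ldap.conf", check_ldap_conf(POSTED_CONF))]:
        print(name, "->", result or "ok")
```

These checks cover file format only; whether the certificate is the one the server presents still has to be confirmed against the server.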
