0
我想尝试通过ldapsearch连接到TDS服务器。首先,我已经下载了“OpenLDAP的”,但现在用命令:OpenLDAP - TDS - 无法联系LDAP服务器(-1)
ldapsearch -H ldaps://myhostadress:636
我总是得到以下错误:
ldap_sasl_interactive_bind_s: Can't contact LDAP serv
additional info: error:14090086:SSL routines:
:certificate verify failed (self signed certificate)
我重视我的命令“-d1”的详细信息,并得到:
ldap_url_parse_ext(ldaps://xxx:636)
ldap_create
ldap_url_parse_ext(ldaps://xxxx:636/??base)
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP xxxxx:636
ldap_new_socket: 360
ldap_prepare_socket: 360
ldap_connect_to_host: Trying 9.xxxxxx:636
ldap_pvt_connect: fd: 360 tm: -1 async: 0
attempting to connect:
connect success
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 18, subject: /O=org/OU=OrgUnit
Germany/CN=xxxxx, issuer: /O=org/OU=OrgUnit
Germany/CN=xxxx
TLS certificate verification: Error, self signed certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in error
TLS trace: SSL_connect:error in error
TLS: can't connect: error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate).
ldap_msgfree
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate)
我认为这与SSL证书有关!?我读过一些其他类似问题的线索。这 后,我问我的管理员为SSL证书,并得到了与以下结构的.pem文件(这只是摘录):
-----BEGIN CERTIFICATE----
mcdp+Kh5Zd3YOttXbjemxIvwfRvPd/Ho4VtBsi5yJT5DSehL4L8ZN
DKaSL6BQ5MlQ1bsmQQ04PKNBrPKFFIiadi9QsFrUiNCQSKDLSKDSK
XbjemxIvwfRvPd/Ho4VtBsi5yJT5DSehL4L8ZNIUWEISNSDJKLSDJ
DKaUiNCXbjemxIvwfRvPdHo4VtBsi5yJT5DSSDKOSOÖDKJLSDJKSD
hL4L8ZNL6BQ5MlQ1bsmQQ04PKNBrPKFFIiadi9QsFrUiNCJKLSADN
.....................................................
.....................................................
-----END CERTIFICATE-----
我有什么,现在怎么办?为荣誉证书OpenLDAP的文件夹是
`C:\OpenLDAP-2.4.43\etc\certs
,并在配置文件中,
`C:\OpenLDAP-2.4.43\etc\openldap`
在Performing ldapsearch over TLS/SSL against Active Directory解释并添加到我的ldap.conf
HOST hostxyz.com
PORT 636
TLS_CACERT \etc\certs\trustKey.cer // C:\OpenLDAP-2.4.43\etc\cert\trustKey.cer ; .pem file changed into .cer file
TLS_REQCERT demand
,并开始我曾尝试电话ldapmodify -H ldaps://hostxyz.com:636
但我总是得到错误提到。
问候
[ldapsearch ssl/tls可能重复不起作用](http://stackoverflow.com/questions/9468137/ldapsearch-over-ssl-tls-doesnt-work) –
我试图调整它,但它仍然不起作用,所以我更新了我的问题。 – InfoEngi