LDAP server in jail problem

Hey,

I've got a FreeBSD server on the internet running 2 jails.

A Jail -> ldap server
B Jail -> Apache2

Both have public IPs. I can reach the LDAP server from all over the internet, but not from the jail I need it in, Jail B.

So my ldapsearch from Jail B failed with "Can't contact LDAP server (-1)".

Any idea?
 
How are you connecting to the LDAP server? What IP address do you use for it? It should be the public IP address.
 
Yes, I use the public IP address and the LDAP server is listening on it.


Code:
ldapsearch -x -h ldaps://public-ip -b "dc=company,dc=de" -p 636 -d3
ldap_create
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:389
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.0.1:389
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_close_socket: 3
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

The same on any other machine works without any problems.
 
You're connecting to localhost (127.0.0.1) not the public IP address.

If I read ldapsearch(1) correctly you should use -H not -h.
 
Okay, with a URI it's -H and for a host it's -h. My mistake.

Now it runs with port 389, but not with 636 for TLS. I get this error:
Code:
ldapsearch -x -h ip -b "dc=for-sale-online-marketing,dc=de" -Z
ldap_start_tls: Connect error (-11)
	additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate)
ldap_result: Can't contact LDAP server (-1)

Now I put
Code:
TLS_CACERT  /root/ssl/ca.cert
in the ldap.conf without any change, and Apache says internal server error when I start authentication via LDAP with TLS.
 
Have you tried with the URI? Both the -p and -h options are deprecated.
 
Have you configured the /usr/local/etc/openldap/ldap.conf in jail B like this?
Code:
base dc=company,dc=de
uri ldap://jail-B
ssl start_tls
tls_cacert /root/ssl/ca.cert
 
Yes, now it's in the ldap.conf. But on another server the ldap.conf is empty and authentication via LDAP TLS and Apache is running perfectly.
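As an added example that is not part of the thread: a small sh script that reads ldap.conf-style text, builds the ldapsearch options with -H (a URI) instead of -h (a host name), and checks that TLS_CACERT is set and readable from the jail, which is what the "certificate verify failed (self signed certificate)" error above turns on. The hostname ldap.example.test and the config text are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): lint an OpenLDAP client ldap.conf and build the
# matching ldapsearch options. Hostname and paths below are constructed placeholders.

# Constructed ldap.conf content, modelled on the configuration discussed in the thread.
LDAP_CONF_TEXT='BASE dc=company,dc=de
URI ldaps://ldap.example.test
TLS_CACERT /root/ssl/ca.cert
TLS_REQCERT demand'

# conf_get KEY TEXT: print the value of the first matching key (keys are case-insensitive
# in ldap.conf); prints nothing when the key is absent.
conf_get() {
    printf '%s\n' "$2" | awk -v k="$1" 'toupper($1)==toupper(k) { $1=""; sub(/^ +/, ""); print; exit }'
}

# -H takes a URI; -h takes only a host name. In the debug trace above, "-h ldaps://..."
# ended up connecting to 127.0.0.1:389, so the scheme and port must come from the URI.
# For a plain ldap:// URI, -ZZ demands that the StartTLS upgrade succeeds.
build_ldapsearch_args() {
    uri=$(conf_get URI "$1")
    base=$(conf_get BASE "$1")
    case "$uri" in
        ldaps://*) echo "-x -H $uri -b $base" ;;
        ldap://*)  echo "-x -H $uri -b $base -ZZ" ;;
        *) echo "error: URI must start with ldap:// or ldaps://, got '$uri'" >&2; return 1 ;;
    esac
}

# A self-signed or private-CA server certificate only verifies when TLS_CACERT names the
# issuing CA and that file is readable inside this jail. Returns 0 ok, 1 missing, 2 unreadable.
check_tls_anchor() {
    cacert=$(conf_get TLS_CACERT "$1")
    [ -n "$cacert" ] || { echo "TLS_CACERT not set: server cert cannot be verified"; return 1; }
    [ -r "$cacert" ] || { echo "TLS_CACERT $cacert is not readable from this jail"; return 2; }
    echo "TLS anchor ok: $cacert"
}

# Usage: print the command that would be run and the TLS anchor status.
echo "ldapsearch $(build_ldapsearch_args "$LDAP_CONF_TEXT")"
check_tls_anchor "$LDAP_CONF_TEXT" || true
```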
 