2016-09-16 204 views
0

OpenLDAP - TDS - Can't contact LDAP server (-1)

I want to try connecting to a TDS server via ldapsearch. First, I downloaded "OpenLDAP", but now, with the command:

ldapsearch -H ldaps://myhostadress:636 

I always get the following error:

ldap_sasl_interactive_bind_s: Can't contact LDAP serv 
additional info: error:14090086:SSL routines: 
:certificate verify failed (self signed certificate) 

I added "-d1" to my command for more details and got:

ldap_url_parse_ext(ldaps://xxx:636) 
ldap_create 
ldap_url_parse_ext(ldaps://xxxx:636/??base) 
ldap_pvt_sasl_getmech 
ldap_search 
put_filter: "(objectclass=*)" 
put_filter: simple 
put_simple_filter: "objectclass=*" 
ldap_send_initial_request 
ldap_new_connection 1 1 0 
ldap_int_open_connection 
ldap_connect_to_host: TCP xxxxx:636 
ldap_new_socket: 360 
ldap_prepare_socket: 360 
ldap_connect_to_host: Trying 9.xxxxxx:636 
ldap_pvt_connect: fd: 360 tm: -1 async: 0 
attempting to connect: 
connect success 
TLS trace: SSL_connect:before/connect initialization 
TLS trace: SSL_connect:SSLv2/v3 write client hello A 
TLS trace: SSL_connect:SSLv3 read server hello A 
TLS certificate verification: depth: 0, err: 18, subject: /O=org/OU=OrgUnit 
Germany/CN=xxxxx, issuer: /O=org/OU=OrgUnit 
Germany/CN=xxxx 
TLS certificate verification: Error, self signed certificate 
TLS trace: SSL3 alert write:fatal:unknown CA 
TLS trace: SSL_connect:error in error 
TLS trace: SSL_connect:error in error 
TLS: can't connect: error:14090086:SSL 
routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate). 
ldap_msgfree 
ldap_err2string 
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1) 
    additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate) 

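I think it has something to do with the SSL certificate!? I have read some other threads about similar problems. After that, I asked my admin for the SSL certificate and got a .pem file with the following structure (this is just an excerpt):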


What do I have to do now? The OpenLDAP folder for certificates is

`C:\OpenLDAP-2.4.43\etc\certs`

and the one for the config file is

`C:\OpenLDAP-2.4.43\etc\openldap` 

Following the explanation in "Performing ldapsearch over TLS/SSL against Active Directory", I added this to my ldap.conf:

HOST hostxyz.com 
PORT 636 
TLS_CACERT \etc\certs\trustKey.cer  // C:\OpenLDAP-2.4.43\etc\cert\trustKey.cer ; .pem file changed into .cer file 
TLS_REQCERT demand 

and then I tried calling ldapmodify -H ldaps://hostxyz.com:636 but I always get the error mentioned.

Regards

+0

Possible duplicate of [ldapsearch over ssl/tls doesn't work](http://stackoverflow.com/questions/9468137/ldapsearch-over-ssl-tls-doesnt-work) –

+0

I tried to adapt it, but it still doesn't work, so I updated my question. – InfoEngi
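
A small linter for the `ldap.conf` lines posted in the question, added here as an example and not part of the original thread. It applies two rules from ldap.conf(5): only lines beginning with `#` are comments, and `HOST`/`PORT` are deprecated in favor of `URI`. The names `parse` and `lint`, the finding messages, the `CLEAN_CONF` counterpart and the Windows drive-letter check are assumptions of this example.

```python
import re

# Constructed sample: the four ldap.conf lines posted in the question.
QUESTION_CONF = r"""HOST hostxyz.com
PORT 636
TLS_CACERT \etc\certs\trustKey.cer  // C:\OpenLDAP-2.4.43\etc\cert\trustKey.cer ; .pem file changed into .cer file
TLS_REQCERT demand
"""

# Constructed counterpart with the findings addressed (same host and file name).
CLEAN_CONF = r"""# comments are only recognised on lines that start with '#'
URI ldaps://hostxyz.com:636
TLS_CACERT C:\OpenLDAP-2.4.43\etc\certs\trustKey.cer
TLS_REQCERT demand
"""

REQCERT_LEVELS = {"never", "allow", "try", "demand", "hard"}
DEPRECATED = {"HOST", "PORT"}  # ldap.conf(5): deprecated in favor of URI
PATH_OPTIONS = {"TLS_CACERT", "TLS_CACERTDIR", "TLS_CERT", "TLS_KEY"}


def parse(text):
    """Yield (line number, OPTION, value). As in libldap, only a leading '#'
    marks a comment; the rest of the line after the option name is the value."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        if raw.startswith("#") or not raw.strip():
            continue
        parts = raw.split(None, 1)
        yield lineno, parts[0].upper(), parts[1].strip() if len(parts) > 1 else ""


def lint(text):
    """Return (line number, option, message) findings for an ldap.conf text."""
    findings = []
    for lineno, name, value in parse(text):
        if name in DEPRECATED:
            findings.append((lineno, name, "deprecated, use URI ldaps://host:port"))
        if name == "TLS_REQCERT" and value.lower() not in REQCERT_LEVELS:
            findings.append((lineno, name, "unknown level: " + value))
        if name in PATH_OPTIONS:
            if re.search(r"\s(//|#|;)", value):
                findings.append((lineno, name, "trailing text is read as part of the path"))
            if not re.match(r"[A-Za-z]:[\\/]", value):  # assumes Windows paths
                findings.append((lineno, name, "no drive letter, depends on current drive"))
    return findings


if __name__ == "__main__":
    for finding in lint(QUESTION_CONF):
        print(finding)
```
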

Answers

0

I also got a file "trustKeyStore.jks", and I tried

ldapsearch -h ldaps://myhostadress.com -K c:/truststore.jks 

Then I get the error that -K is an invalid option. But I have read that "-k" is the parameter for the trustedkeyStore.
