rob_collins Absent Member.
Absent Member.
1220 views

LDAPS from client workstations not working

I Have a very strange issue. I have a number of servers (OES Linux) that can LDAPS to each other no problems, but if I try from a client (windows or Opensuse) I can connect via 389 but not 636.

I have checked and validated all the certs and I can Https to these servers, and as the other servers can use LDAPS to each other I think that the certs are fine.

Maybe the certs are not being pushed to the clients for some reason, I do not know.

Any ideas?
Labels (2)
0 Likes
7 Replies
Knowledge Partner
Knowledge Partner

Re: LDAPS from client workstations not working

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Most of the time this is because of a bad client; things like Softerra
have caused problems for year. Try Apache Directory Studio which I use
all of the time on LDAP systems of all types.

http://directory.apache.org/studio/

Good luck.





On 03/30/2011 08:36 AM, rob collins wrote:
>
> I Have a very strange issue. I have a number of servers (OES Linux) that
> can LDAPS to each other no problems, but if I try from a client (windows
> or Opensuse) I can connect via 389 but not 636.
>
> I have checked and validated all the certs and I can Https to these
> servers, and as the other servers can use LDAPS to each other I think
> that the certs are fine.
>
> Maybe the certs are not being pushed to the clients for some reason, I
> do not know.
>
> Any ideas?
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJNk0F6AAoJEF+XTK08PnB5X+MP/Ay+XMBQbCTaVJPYVFZYKeFB
UsGhnR1Fq6kvDpr5otHEmPsfipmlZsqbu5KKRV+WptiexGSkPgBdI59v1T1Tk5Qb
6W1mrstnAs9EQGCgZ1/utxpL26AFTiiJsjGrjrGvWpGF4ygYEvud4a6KlO4i+13r
kx+wt1h6zkvJOvU5q8QJOSSneSXHHxElqDZN2oWN7IxNeQL2I05jyZhOtCkIFaQV
4nFJbQHYAT14gxLy3WJyvXpST/EMhJUYGjtW+ZXb7x3db86kKcgDU+fgdTV/60b5
TZftGEqtCd0aqyg55N1W8Jp9kacJU4ULh78lDlhEHnIFvUeA3udFc4CPVpXfTt9t
Kppcy6B21T2s2ujm4DYc9mNpdISbifJY72FNNXM2aPYDgVDgBG+0HlWWgyjUx6mZ
qcwUrJbQ7XhTEaJrK3Palrp64wbqigVuT5RX5vnPQc+wN2Sc62NHucH2djcR3nwt
STBCeiKMzIg1UR1HWjmTnQsYE1FCzvJHOTAFlTWISoPLAXgXakCPy+wkm23xnT8v
VKrSGcfmRRDdJYwD+GILgdvGJN9Z8kMCrrdhaMFIZgOdXWpdmV4qtbhwZOQJK5KY
A0aJQmu8wX9yL4OzrzT6kXs2uQU2bSPxyCwXtmzoW+3C+FCabBK/2edR/9evfpNq
LZaNH+P/BU/6bRwvlkNN
=NFK0
-----END PGP SIGNATURE-----
0 Likes
rob_collins Absent Member.
Absent Member.

Re: LDAPS from client workstations not working

Thanks ab, I have tried that but it still tells me socket closed <IP address>:636.

Looks like a great program though.
0 Likes
Knowledge Partner
Knowledge Partner

Re: LDAPS from client workstations not working

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yes... best program I've found by far. A socket being closed from the
start would prevent a connection from ever happening, but a socket closing
after the start of the connection could be for any number of reasons. Is
this eDirectory's LDAP interface or an OpenLDAP port on the server side?

Good luck.





On 03/30/2011 09:36 AM, rob collins wrote:
>
> Thanks ab, I have tried that but it still tells me socket closed <IP
> address>:636.
>
> Looks like a great program though.
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJNk2MrAAoJEF+XTK08PnB5n24QAKHEuW8XQVHz1EBMFKSXY3Si
+6BjbGHtN88dYCH0DeUuQdxZGCPOskbOJdZUv7OVGeVrwdKJMl1S8P8e0PR9JQCB
mp1OEe4fnR6rZ38lybbV+WSAcP287zYfuYmgdl1MJjBwgFKHSeQdk7KAI3F2CVOP
Q++U8LiaOIeWaV6qhpK9V2Fm++nQPF6nuwVKpy2J6wDCh1kA2P7LPR6zizBguxrr
Txco/3mXcN7VxnRNcyvCGuYQuoO2s+9IYshMRU9kpFg8PCiHsyElY4sKqtH3upjw
MFhQAPKrgwEzZ0jF2fx2ZZAHrXAlGDJI/VMENubW/r+Lx0N5qj4u3VfDGcbHzkK5
v4lPWvH/u15uZtiKexus45OlxdKm1SpuMftC2K6vHS0iO2NIsohT+ElWUhpSwW4W
fHjl1TyOd9Ff8P8d1O8XOk+Cb39Lm59suQx0/qHSOx0W7JOqXnggKyXplaSTw3Va
jEWKef1Gh4GFdAin4MDLgK29PuqS+cx/sfRkJkj4W2/jhVjc2FsdwXdgbYKgB94G
Np3Y3EWOw+Sw4hA+2Joe77zgftkCZAbG/+XMT/lRnROo41yTyfh6XUBK0q/GN8/m
swdm86uWEpEXB/q/H8BhXMRQ7jfsYnWZbW3nWtYJH3zShtSCYdxqlW/KDMa9mGkh
uAiZHbnkblwoTMTC53Ba
=A5IR
-----END PGP SIGNATURE-----
0 Likes
rob_collins Absent Member.
Absent Member.

Re: LDAPS from client workstations not working

HI AB,

My Apologies to you as you were correct, I tried that download on a different workstation and it worked perfectly. Strange how the LDAP browser in my OpenSuse laptop fails as well, although knowing linux it has stored an old cert somewhere and that is why it is failing.

Thanks for your help. I rest easier now knowing it is actually working.
0 Likes
Knowledge Partner
Knowledge Partner

Re: LDAPS from client workstations not working

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good to hear. Thank-you for posting back your results.

Good luck.





On 03/31/2011 04:06 AM, rob collins wrote:
>
> HI AB,
>
> My Apologies to you as you were correct, I tried that download on a
> different workstation and it worked perfectly. Strange how the LDAP
> browser in my OpenSuse laptop fails as well, although knowing linux it
> has stored an old cert somewhere and that is why it is failing.
>
> Thanks for your help. I rest easier now knowing it is actually working.
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJNlHRAAAoJEF+XTK08PnB55ZcP/isyGGDYgqCAm+7bEEaFZ9Lc
jfHX8/BkLJN0leLAJrkfvpdikqhpmgiEgf4ccRAU5KafPGx2EcaLjc5PrQJkavVh
OFiBTCi/5FuO3oh5tk9B/ZqV+pDmgp8sHyFTSuLQibTAhKdXqfkche1EUoAZDBx+
GrPhv9XTFF7Q+6i1+yeVTYUl9uqBY77VfAcIKcID64zGTmy3Z8dvOwaZTuG0djq9
XGoCtiwsmwLkzegWKI/5Nb6sujTS4DF5tRQZxo3HMMe5j0Kw35Zc67E1bsM2TyLa
YxnZuOBiv6Tv/nPg9FKl1JDrsoyDiJNsaYLSo/re68M/a2giCwsL0DtMuuFGFUAK
QTui/x3tYmOabBt8meZkne11CCVz6KpRMMM6qlSwugkNQk7Do0zWLqr/88w1o1T0
EXXgNgMYKxYlE8P/SRe6zXgZ5rVbrYSMIL+X4PoyFe7ZnI2+j3k+5/F7LpCYco5L
Q6dMCqdcG/cEdLuBNNNNs8UOO1Mq1Yu0HZ7FVuEzptHXnBxIR4UVV+RBt0O7uLcy
brnciIOWe2KmaIxV3iJlC9TRCQNlftBb9xAf4NoLPO5FgScdiOxlHlh9EAhXFwQq
tHMBs86mSSQNhRkGmrBQajA32AUhEk3jmAMWdFwb3xyaQgZab3jsmKRvnvpLD4cd
ld7PT9U2FAkjUTlH6DxC
=xJ6b
-----END PGP SIGNATURE-----
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: LDAPS from client workstations not working

* ab (Wed, 30 Mar 2011 17:06:51 GMT)
> Yes... best program I've found by far. A socket being closed from the
> start would prevent a connection from ever happening, but a socket
> closing after the start of the connection could be for any number of
> reasons.


It's not "closing" but "closed" -> "eDirectory not listening on the TLS
port". That would be of course the first thing to check ("netstat -tapn
| grep :636" and "nmap -p 636" from the client)1

Thorsten
0 Likes
Knowledge Partner
Knowledge Partner

Re: LDAPS from client workstations not working

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

See the original post.... connections to 636 work from other servers.

Good luck.





On 03/31/2011 08:10 AM, Thorsten Kampe wrote:
> * ab (Wed, 30 Mar 2011 17:06:51 GMT)
>> Yes... best program I've found by far. A socket being closed from the
>> start would prevent a connection from ever happening, but a socket
>> closing after the start of the connection could be for any number of
>> reasons.

>
> It's not "closing" but "closed" -> "eDirectory not listening on the TLS
> port". That would be of course the first thing to check ("netstat -tapn
> | grep :636" and "nmap -p 636" from the client)1
>
> Thorsten

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJNlScQAAoJEF+XTK08PnB5x3MQAJyJNlHuuf7UxS0atcOvxYtB
TRKnO2vJ8e0EQUxspzkyI19V3zscTYbOqKw/Nk8wlUzDbu1KU5k8GJ7zLW3Ue1x3
d4Ujellog1SM2RaBbVsqMaFkGYucBAW/xsXip8kZipr/HJqpkeDY0RWUETEOw5Bu
3gdgwi2Lj4Q05YFMk8m89FG2pQhmXaJM3H6F9hS3gFrosTr9K7Etu7PxzXUoGB7Z
gEM8FZa9d0IC9NQN6zmSMGqsgE9ie0W4/5AWfyClNseW+7AjTvnoGV4Yvic5VCXL
w7r11k7fLZmx3/fLvMWiYjyF19DC7wAddQsNJKQHMXCHSwRE0860BGtG4qHl3EWk
OuAvGwBw9d+gsLmDy9QaaX2tXAP05DR0cFqEXuTzYMIw+Mw4Wr80WeyYyE241g+s
FjRzBZPFH7THxv+Tn6Bql2iFceWAw4Os8ZU0ua8PqkAnCxONGaYA/1rVS+MEqw3X
CO8z9zOFYsrKvcKJP8XoQ8IS4hHcVG5+3CZElwNDS3Mh7Gx1JUwPr06mfQXwiBpA
eseeE0MpGnXLMlJ0HaLz1qKcpJ1BJuTdrc+UsYA5P6eDbxXwhHdBXGekWWbrLMwV
pIvfhNumtefIZSqnW+8zLDgSfTHUgNNFnwyFsVP2LAfrmTzZWbPbpM8/vvYek5dG
PuYq+/WciSauVNGPHRPJ
=4FW/
-----END PGP SIGNATURE-----
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.