SSL Connect To LDAP

Hello.

I have a Delphi program that is trying to connect to LDAP on port 636 hosted
by Netware 6.5.  I get a "Server Down" error from Microsoft's winldap.h

Just a note, everything works fine when I connect using java over SSL.

Here is the DSTRACE:
TLS accept failure 5 on connection 0xbf9dae00, setting err = -5875. Error
stack:
TLS handshake failed on connection 0xbf9dae00, err = -5875

Here is the TCP trace (10.10.1.190 is the client, 10.10.1.70 is the server):
No.     Time        Source                Destination           Protocol
Info
      9 2.814087    10.10.1.190           10.10.1.70            TCP
2512 > ldaps [SYN] Seq=0 Ack=0 Win=64240 Len=0 MSS=1460
     10 2.814228    10.10.1.70            10.10.1.190           TCP
ldaps > 2512 [SYN, ACK] Seq=0 Ack=1 Win=6144 Len=0 MSS=1460
     11 2.814248    10.10.1.190           10.10.1.70            TCP
2512 > ldaps [ACK] Seq=1 Ack=1 Win=64240 Len=0
     12 2.827433    10.10.1.190           10.10.1.70            SSLv2
Client Hello
     13 2.827696    10.10.1.70            10.10.1.190           TCP
ldaps > 2512 [ACK] Seq=1 Ack=79 Win=7604 Len=0
     14 2.828269    10.10.1.70            10.10.1.190           TLS
Server Hello, Certificate, [Unreassembled Packet]
     15 2.828391    10.10.1.70            10.10.1.190           TLS
Continuation Data, Continuation Data, [Unreassembled Packet]
     16 2.828412    10.10.1.190           10.10.1.70            TCP
2512 > ldaps [ACK] Seq=79 Ack=2921 Win=64240 Len=0
     17 2.828683    10.10.1.70            10.10.1.190           TLS
Continuation Data, [Unreassembled Packet]
     18 2.844029    10.10.1.190           10.10.1.70            TCP
2512 > ldaps [ACK] Seq=79 Ack=4101 Win=63060 Len=0
     19 3.363233    10.10.1.190           10.10.1.70            TCP
2512 > ldaps [FIN, ACK] Seq=79 Ack=4101 Win=63060 Len=0
     20 3.363362    10.10.1.70            10.10.1.190           TCP
ldaps > 2512 [ACK] Seq=4101 Ack=80 Win=7603 Len=0
     21 3.363603    10.10.1.70            10.10.1.190           TCP
ldaps > 2512 [FIN, PSH, ACK] Seq=4101 Ack=80 Win=7603 Len=0
     22 3.363616    10.10.1.190           10.10.1.70            TCP
2512 > ldaps [ACK] Seq=80 Ack=4102 Win=63060 Len=0


Thanks,
Bruce Holt


0
Bruce
6/30/2004 8:12:26 PM
novell.edirectory.netware

Bruce Holt,

Please ask in the developer forums instead. The folks
over there are better suited to answer this one.

The developer forums are located at nntp://developer-forums.novell.com
and
http://developer.novell.com

Thanks


-- 
//Niclas Ekstedt
____________________________________
Niclas Ekstedt, CNA, CNE, CNS
Network Consultant/NSC Sysop
InfraSystems Solutions AB
____________________________________
Using XanaNews 1.16.3.1
(Sorry, support is not provided via e-mail)
0
Niclas
7/1/2004 7:03:20 PM
Bruce Holt wrote:

> Hello.
> 
> I have a Delphi program that is trying to connect to LDAP on port 636 hosted
> by Netware 6.5.  I get a "Server Down" error from Microsoft's winldap.h
> 
> Just a note, everything works fine when I connect using java over SSL.
> 
> Here is the DSTRACE:
> TLS accept failure 5 on connection 0xbf9dae00, setting err = -5875. Error
> stack:
> TLS handshake failed on connection 0xbf9dae00, err = -5875

5875's usually mean the cert for the LDAP server is busted... If you run 
on the console:
dstrace
dstrace screen on
dstrace -all +ldap

	Then unload nldap, load nldap and watch the DStrace screen; you should 
see an error about NTLS cannot load, and it too may have a 5000 series error.

	In Console1 or iManager go to the LDAP Server object (might be Group 
object, I always forget) for this server, and look at the SSL settings, 
for the Server certificate...

	Basically this TID covers getting LDAP over SSL working well...

http://support.novell.com/cgi-bin/search/searchtid.cgi?/10090732.htm
0
Geoffrey
7/2/2004 3:05:14 PM
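
The TCP trace in the original post can be read mechanically to see which side stopped the handshake and at what stage. The following is an added example, not code from any post in this thread; the packet rows are the ones from the post rejoined to one line each, and the function names (`parse`, `tcp_flags`, `handshake_summary`) are hypothetical.

```python
import re

# Packet list from the original post, rejoined to one line per packet.
TRACE = """\
 9 2.814087 10.10.1.190 10.10.1.70 TCP 2512 > ldaps [SYN] Seq=0 Ack=0 Win=64240 Len=0 MSS=1460
10 2.814228 10.10.1.70 10.10.1.190 TCP ldaps > 2512 [SYN, ACK] Seq=0 Ack=1 Win=6144 Len=0 MSS=1460
11 2.814248 10.10.1.190 10.10.1.70 TCP 2512 > ldaps [ACK] Seq=1 Ack=1 Win=64240 Len=0
12 2.827433 10.10.1.190 10.10.1.70 SSLv2 Client Hello
13 2.827696 10.10.1.70 10.10.1.190 TCP ldaps > 2512 [ACK] Seq=1 Ack=79 Win=7604 Len=0
14 2.828269 10.10.1.70 10.10.1.190 TLS Server Hello, Certificate, [Unreassembled Packet]
15 2.828391 10.10.1.70 10.10.1.190 TLS Continuation Data, Continuation Data, [Unreassembled Packet]
16 2.828412 10.10.1.190 10.10.1.70 TCP 2512 > ldaps [ACK] Seq=79 Ack=2921 Win=64240 Len=0
17 2.828683 10.10.1.70 10.10.1.190 TLS Continuation Data, [Unreassembled Packet]
18 2.844029 10.10.1.190 10.10.1.70 TCP 2512 > ldaps [ACK] Seq=79 Ack=4101 Win=63060 Len=0
19 3.363233 10.10.1.190 10.10.1.70 TCP 2512 > ldaps [FIN, ACK] Seq=79 Ack=4101 Win=63060 Len=0
20 3.363362 10.10.1.70 10.10.1.190 TCP ldaps > 2512 [ACK] Seq=4101 Ack=80 Win=7603 Len=0
21 3.363603 10.10.1.70 10.10.1.190 TCP ldaps > 2512 [FIN, PSH, ACK] Seq=4101 Ack=80 Win=7603 Len=0
22 3.363616 10.10.1.190 10.10.1.70 TCP 2512 > ldaps [ACK] Seq=80 Ack=4102 Win=63060 Len=0
"""
ROW = re.compile(r"\s*(\d+)\s+([\d.]+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)")
FLAGS = re.compile(r"\[([A-Z, ]+)\]")  # matches "[FIN, ACK]", not "[Unreassembled Packet]"
TLS_PROTOS = {"SSL", "SSLv2", "SSLv3", "TLS", "TLSv1"}

def parse(trace):
    """Turn packet-list text into dicts; lines that do not look like rows are skipped."""
    rows = []
    for line in trace.splitlines():
        m = ROW.fullmatch(line)
        if m:
            no, t, src, dst, proto, info = m.groups()
            rows.append(dict(no=int(no), time=float(t), src=src, dst=dst, proto=proto, info=info))
    return rows

def tcp_flags(row):
    """Return the set of TCP flags shown in the Info column (empty for non-TCP rows)."""
    m = FLAGS.search(row["info"]) if row["proto"] == "TCP" else None
    return set(m.group(1).split(", ")) if m else set()

def handshake_summary(rows, client, server):
    """Report what each side sent and who tore the connection down first."""
    tls = [r for r in rows if r["proto"] in TLS_PROTOS]
    from_client = [r for r in tls if r["src"] == client]
    from_server = [r for r in tls if r["src"] == server]
    close = next((r for r in rows if tcp_flags(r) & {"FIN", "RST"}), None)
    summary = {
        "client_tls_packets": len(from_client),
        "server_sent_certificate": any("Certificate" in r["info"] for r in from_server),
        "closed_by": None, "idle_before_close": None,
    }
    if close:
        summary["closed_by"] = "client" if close["src"] == client else "server"
        if tls:
            summary["idle_before_close"] = round(close["time"] - tls[-1]["time"], 3)
    # Client Hello, then a server certificate, then a client-side close with no
    # further client TLS packets: the client stopped after the server's flight.
    summary["client_abandoned_after_certificate"] = (
        len(from_client) == 1 and summary["server_sent_certificate"]
        and summary["closed_by"] == "client")
    return summary

if __name__ == "__main__":
    print(handshake_summary(parse(TRACE), "10.10.1.190", "10.10.1.70"))
```

The summary only establishes which side stopped and when; the reason still has to be confirmed on the server (DSTRACE) and on the client.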