I'm setting up Lothar's notification driver here and starting to work
with it. So far, so good, except I can't get ldaps working. ldap (389)
works fine.

DStrace shows that this is clearly a certificate problem:

13:43:06 B5E6CBA0 LDAP: New TLS connection 0x14a06780 from
131.156.12.6:8809, monitor = 0x8187dba0, index = 1
13:43:06 8187DBA0 LDAP: Monitor 0x8187dba0 initiating TLS handshake on
connection 0x14a06780
13:43:06 7EFA4BA0 LDAP: (131.156.12.6:8809)(0x0000:0x00) DoTLSHandshake
on connection 0x14a06780
13:43:06 7EFA4BA0 LDAP: (131.156.12.6:8809)(0x0000:0x00) TLS accept
failure 1 on connection 0x14a06780, setting err = -5875. Error stack:
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
unknown - SSL alert number 46
13:43:06 7EFA4BA0 LDAP: (131.156.12.6:8809)(0x0000:0x00) TLS handshake
failed on connection 0x14a06780, err = -5875
13:43:06 7EFA4BA0 LDAP: BIO ctrl called with unknown cmd 7
13:43:06 7EFA4BA0 LDAP: Server closing connection 0x14a06780, socket
error = -5875
13:43:06 7EFA4BA0 LDAP: Connection 0x14a06780 closed
13:43:06 B5E6CBA0 LDAP: New TLS connection 0x14a06780 from
131.156.12.6:8810, monitor = 0x8187dba0, index = 1
13:43:06 8187DBA0 LDAP: Monitor 0x8187dba0 initiating TLS handshake on
connection 0x14a06780
13:43:06 82288BA0 LDAP: (131.156.12.6:8810)(0x0000:0x00) DoTLSHandshake
on connection 0x14a06780
13:43:06 82288BA0 LDAP: (131.156.12.6:8810)(0x0000:0x00) TLS accept
failure 1 on connection 0x14a06780, setting err = -5875. Error stack:
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
unknown - SSL alert number 46
13:43:06 82288BA0 LDAP: (131.156.12.6:8810)(0x0000:0x00) TLS handshake
failed on connection 0x14a06780, err = -5875
13:43:06 82288BA0 LDAP: BIO ctrl called with unknown cmd 7
13:43:06 82288BA0 LDAP: Server closing connection 0x14a06780, socket
error = -5875
13:43:06 82288BA0 LDAP: Connection 0x14a06780 closed

I'm currently leaving the LdapTlsKeystore GCV blank. I'd like to not have
to create my own keystore for this, if possible.

The driver is running on the server that is also the LDAP server (this is
a test environment anyway). But this is a multi-instance eDir 8.8 server,
so could the driver not be finding the correct keystore for this
particular instance?

--
---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Novell Knowledge Partner http://forums.novell.com

Please post questions in the newsgroups. No support provided via email.
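Editor's note, not part of David's post: the telling detail in that trace is that OpenSSL reports the "certificate unknown" alert (46) from SSL3_READ_BYTES, i.e. the eDirectory side *received* the alert, so it is the connecting driver (its JVM trust store, the LdapTlsKeystore GCV or the JVM's default cacerts) that rejected the server certificate, not the server rejecting the client. The Python below is an added example (not from the post, Novell or NetIQ) that re-joins the mail-wrapped DStrace lines, pulls out each failed TLS accept and decodes the alert number; the sample input is the trace quoted above.

```python
import re

# TLS alert descriptions from RFC 5246 section 7.2.2 (standard values).
TLS_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
              44: "certificate_revoked", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca"}

# Sample taken from the DStrace output in the post, still mail-wrapped.
SAMPLE = """\
13:43:06 7EFA4BA0 LDAP: (131.156.12.6:8809)(0x0000:0x00) DoTLSHandshake
on connection 0x14a06780
13:43:06 7EFA4BA0 LDAP: (131.156.12.6:8809)(0x0000:0x00) TLS accept
failure 1 on connection 0x14a06780, setting err = -5875. Error stack:
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
unknown - SSL alert number 46
13:43:06 7EFA4BA0 LDAP: (131.156.12.6:8809)(0x0000:0x00) TLS handshake
failed on connection 0x14a06780, err = -5875
"""

FAILURE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d) \w+ LDAP: \((?P<peer>[\d.]+:\d+)\).*?"
    r"TLS accept failure \d+ on connection (?P<conn>0x[0-9a-f]+), "
    r"setting err = (?P<err>-?\d+)\. Error stack: (?P<stack>.*?)"
    r" - SSL alert number (?P<alert>\d+)$")

def unwrap(text):
    """Re-join mail-wrapped lines: every real DStrace line starts with a
    HH:MM:SS timestamp, so anything else is a continuation."""
    lines = []
    for raw in text.splitlines():
        if re.match(r"\d\d:\d\d:\d\d ", raw):
            lines.append(raw.rstrip())
        elif raw.strip() and lines:
            lines[-1] += " " + raw.strip()
    return lines

def tls_failures(text):
    """Return one record per failed TLS accept, with the alert decoded.
    An alert reported via SSL3_READ_BYTES was received from the peer, so
    for alert 46 it is the connecting client that rejected the server's
    certificate, i.e. the fix belongs in the client's trust store."""
    out = []
    for line in unwrap(text):
        m = FAILURE_RE.match(line)
        if not m:
            continue
        n = int(m["alert"])
        out.append({"ts": m["ts"], "peer": m["peer"], "conn": m["conn"],
                    "err": int(m["err"]), "alert": n,
                    "alert_name": TLS_ALERTS.get(n, "unknown"),
                    "received_from_peer": "SSL3_READ_BYTES" in m["stack"]})
    return out
```

Run it over a full DStrace capture to see at a glance which peers are rejecting the server certificate and which alert they send; a 48 (unknown_ca) or 46 from the driver's address both point at a missing trusted root on the driver side.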