eDir to eDir drivers configuration being done in Designer. No matter how
I configure TLS, I'm stuck with an SSL error. On tree one, the trace
shows:


[02/01/11 11:36:33.128]:eDirDriver-LDAP1 ST:: Need new connection.
[02/01/11 11:36:33.128]:eDirDriver-LDAP1 ST:: Connecting to remote
Publisher at 131.156.218.75:9196
[02/01/11 11:36:33.129]:eDirDriver-LDAP1 ST:: Creating an NTLSSocket
[02/01/11 11:36:33.255]:eDirDriver-LDAP1 ST:SubscriptionShim.execute()
returned:
[02/01/11 11:36:33.255]:eDirDriver-LDAP1 ST:
<nds dtdversion="3.5">
<source>
<product instance="eDirDriver-LDAP1" version="3.6.10.4747">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<output>
<status event-id="sles10-cluster-2#20110131154553#2#1" level="retry"
type="app-connection">java.io.IOException: SSL handshake failed,
X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in
certificate chain</status>
</output>
</nds>


On tree two, the trace shows:


[02/01/11 11:34:02.321]:eDirDriver-LDAP1 PT:: Need new connection;
Waiting for remote Subscriber to connect...
[02/01/11 11:34:32.356]:eDirDriver-LDAP1 PT:Receiving DOM document from
application.
[02/01/11 11:34:32.356]:eDirDriver-LDAP1 PT:
<nds dtdversion="3.5">
<source>
<product instance="eDirDriver-LDAP1" version="3.6.10.4747">DirXML
Driver for eDirectory</product>
<contact>Novell, Inc.</contact>
</source>
<input>
<status level="error" type="driver-general">java.io.IOException: SSL
handshake failed, SSL_ERROR_ZERO_RETURN, error:14094418:SSL
routines:SSL3_READ_BYTES:tlsv1 alert unknown ca</status>
</input>
</nds>


The only really useful information I've found so far on this is:

X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
A self-signed certificate exists in the certificate chain.
The certificate chain could be built up using the untrusted
certificates, but the root CA could not be found locally.

which doesn't tell me much.

There's a single forum post from about a year ago where the poster says
he resolved this by recreating the default certificates. This doesn't
make any sense to me, but I tried it just to see if it would help. It
didn't.

Both of these are eDir 8.8.5 on SLES 10.3. The problem is that I can't
figure out what it's complaining about, which is keeping me from figuring
out where to look for it.


--
---------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Novell Knowledge Partner http://forums.novell.com

Please post questions in the newsgroups. No support provided via email.