Re: [squid-users] LDAP & Novell

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 17 Dec 2002 22:27:54 +0100

Note: To be able to use the Squid LDAP helpers you really need to be
able to first use the OpenLDAP tools to connect to your LDAP server. If
you cannot get the OpenLDAP tools to connect then the Squid helpers
almost certainly won't be able to either.

Finding LDAP server community or vendor support is also most likely a
lot easier when using the OpenLDAP tools as reference.

Regards
Henrik

Tim Bernhardson wrote:
>
> Yes, we are running an SSL enabled ldap server.
>
> The connection starts then fails (the message on the Novell Server is - SSL handshare failed, Error -25).
>
> I've looked up what documentation I can find and error # 25 is not listed...
>
> I did export the Root cert from Novell (and convert it from DER to PEM), and add the line CAPath=<directory> to the ldap.conf file.
>
> When I have a chance today I will be placing a question about the 25 error on one of the Novell Forums to see if anyone there has an idea.
>
> Tim
> >>> "Dan Cave" <mogul@totalise.co.uk> 12/17/02 03:16AM >>>
> Tim,
>
> Is your Novell NDS server running an SSL enabled ldap server? You need to
> make sure that any connections between your squid box and novell server
> must be ssl'd (if that's what you want to achieve, otherwise normal).
>
> Does your squid server have a valid ssl certificate?
>
> Try doing a strace/lsof/ptrace of your squid process to see what's going on
> when you try and connect to the novell box. That'll point you in the right
> direction.
>
> dan
>
> ----- Original Message -----
> From: "Tim Bernhardson" <TBERNHAR@sunmaid.com>
> To: <squid-users@squid-cache.org>
> Sent: Monday, December 16, 2002 6:41 PM
> Subject: RE: [squid-users] LDAP & Novell
>
> I am at the same point Jay is at in attempting to get ldap authentication
> via SSL to Novell NDS.
>
> When I try squid_ldap_auth (or ldapsearch) from the command line I get the
> message "squid_ldap_auth: WARNING, could not bind to binddn 'Can't contact
> LDAP server'" (if I take out the SSL options it works fine).
>
> I'm thinking at this point that it is a problem between openssl & Novell
> since I can connect to the Novell server & do queries with no problems using
> a Java Utility (ldapbrowser) that uses JSSE instead of OpenSSL.
>
> Does anyone have this running against Novell NDS using SSL with the Novell
> server using self signed certificates (I ran the command 'openssl
> s_client -connect novellserver:636' to double check the SSL Cert and the
> only error that came up was that it was a self signed certificate).
>
> Tim Bernhardson
> Senior Technical Engineer
> Certified Citrix Metaframe Administrator
> Certified CyberGuard Administrator
> Certified AIX 4.3 System Administrator
> Sun-Maid Growers of California
> 7273 Murray Drive, Ste 18
> Stockton, CA 95210
>
> tbernhar at sunmaid dot com
Received on Tue Dec 17 2002 - 14:42:58 MST
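
The check order recommended at the top of this message (get the OpenSSL and OpenLDAP tools working before the Squid helper), written out as a shell script. This is an added example, not part of the original thread; the host name, base DN and file names are placeholders, and the sample certificate is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Host, base DN and file names are placeholders.

# Constructed sample input: a throwaway self-signed root in DER form, standing
# in for a root certificate exported from the directory server.
make_sample_der() {   # $1 = output .der file
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test Root" \
        -keyout "$1.key" -outform DER -out "$1" 2>/dev/null
    rm -f "$1.key"
}

# OpenSSL-based clients (ldapsearch, squid_ldap_auth) expect PEM, not DER.
der_to_pem() {        # $1 = input .der, $2 = output .pem
    openssl x509 -inform DER -in "$1" -outform PEM -out "$2"
}

# A usable trust anchor here is a self-signed root: subject equals issuer and
# the certificate verifies against itself.
is_root_ca() {        # $1 = PEM file
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Handshake check: once the root is passed with -CAfile, a trusted chain
# reports "Verify return code: 0 (ok)".
check_tls() {         # $1 = host:port, $2 = CA PEM
    openssl s_client -connect "$1" -CAfile "$2" </dev/null 2>/dev/null |
        grep 'Verify return code'
}

# OpenLDAP client check over ldaps://. LDAPTLS_CACERT is the environment form
# of the ldap.conf directive "TLS_CACERT <file>".
check_ldap() {        # $1 = host, $2 = CA PEM, $3 = base DN
    LDAPTLS_CACERT="$2" ldapsearch -x -H "ldaps://$1:636" \
        -b "$3" -s base '(objectClass=*)' dn
}

# Usage: sh check.sh root.der ldap.example.com 'o=example'
if [ "$#" -eq 3 ]; then
    der_to_pem "$1" root.pem && is_root_ca root.pem &&
        check_tls "$2:636" root.pem && check_ldap "$2" root.pem "$3"
fi
```

Only when `check_ldap` returns an entry is it worth passing the same CA file and ldaps settings on to the Squid helper.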
