Last edited by shengxijoy on 2011-9-2 09:36
I verified with the client:
openssl s_client -connect ldapserver:636 -showcerts -state -CAfile /etc/openldap/cacerts/cacert.pem
and it passed.
CONNECTED(00000003)
---
No client certificate CA names sent
---
SSL handshake has read 1527 bytes and written 325 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: E0EF7C94266FFB50E6A8CE0184C3BED1D561AA39213978CB832EB0018B34F94B
Session-ID-ctx:
Master-Key: 5CFF217D0313C7DBBEA4C2EC4D18A4A9823B931252E04B4AEBE870CC3EB3A4C82CA0983EFB26B7F81C1AA51B8D048B03
Key-Arg : None
Start Time: 1314883834
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
ldapsearch -x -H ldaps://ldapserver also returns successfully.
But using LDAP for system user authentication never gets through. For example, su - user1 hangs with no response for a long time; the log is as follows:
Sep 1 21:31:15 ldapserver slapd[13417]: conn=1163 fd=18 ACCEPT from IP=192.168.10.6:42095 (IP=0.0.0.0:636)
Sep 1 21:31:15 ldapserver slapd[13417]: conn=1163 fd=18 TLS established tls_ssf=256 ssf=256
Sep 1 21:31:15 ldapserver slapd[13417]: conn=1163 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Sep 1 21:31:15 ldapserver slapd[13417]: conn=1163 op=0 STARTTLS
Sep 1 21:31:15 ldapserver slapd[13417]: conn=1163 op=0 RESULT oid= err=1 text=TLS already started
Sep 1 21:31:15 ldapserver slapd[13417]: conn=1163 op=1 UNBIND
Sep 1 21:31:15 ldapserver slapd[13417]: conn=1163 fd=18 closed
I don't know what the cause is.
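The slapd lines in the post record what the server sees: the client is accepted on the ldaps listener (port 636), TLS is established, and then the client sends the StartTLS extended operation (OID 1.3.6.1.4.1.1466.20037), which slapd refuses with err=1 "TLS already started"; the client then unbinds without ever binding. That sequence is what a client produces when it is configured both to connect with an ldaps:// URI and to run StartTLS on top of it (commonly uri ldaps://... together with ssl start_tls in nss_ldap/pam_ldap's ldap.conf), and the openssl and ldapsearch checks do not reproduce it because neither issues StartTLS over an ldaps connection. The following Python script is added here as an example and is not part of the original post: it groups slapd connection-log lines by conn id and flags connections that attempt StartTLS after TLS is already up. The sample log is constructed from the lines above plus a second, made-up connection (conn=1164) that does StartTLS correctly on port 389, for contrast; the client address and DN in that second connection are invented.

```python
import re
from collections import defaultdict

# Constructed sample: the slapd lines from the post (conn=1163) plus an invented
# healthy StartTLS-on-389 connection (conn=1164) so both outcomes are visible.
SAMPLE_LOG = """\
Sep 1 21:31:15 ldapserver slapd[13417]: conn=1163 fd=18 ACCEPT from IP=192.168.10.6:42095 (IP=0.0.0.0:636)
Sep 1 21:31:15 ldapserver slapd[13417]: conn=1163 fd=18 TLS established tls_ssf=256 ssf=256
Sep 1 21:31:15 ldapserver slapd[13417]: conn=1163 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Sep 1 21:31:15 ldapserver slapd[13417]: conn=1163 op=0 STARTTLS
Sep 1 21:31:15 ldapserver slapd[13417]: conn=1163 op=0 RESULT oid= err=1 text=TLS already started
Sep 1 21:31:15 ldapserver slapd[13417]: conn=1163 op=1 UNBIND
Sep 1 21:31:15 ldapserver slapd[13417]: conn=1163 fd=18 closed
Sep 1 21:32:02 ldapserver slapd[13417]: conn=1164 fd=19 ACCEPT from IP=192.168.10.7:50112 (IP=0.0.0.0:389)
Sep 1 21:32:02 ldapserver slapd[13417]: conn=1164 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Sep 1 21:32:02 ldapserver slapd[13417]: conn=1164 op=0 STARTTLS
Sep 1 21:32:02 ldapserver slapd[13417]: conn=1164 op=0 RESULT oid= err=0 text=
Sep 1 21:32:02 ldapserver slapd[13417]: conn=1164 fd=19 TLS established tls_ssf=256 ssf=256
Sep 1 21:32:02 ldapserver slapd[13417]: conn=1164 op=1 BIND dn="uid=user1,ou=People,dc=example,dc=com" method=128
Sep 1 21:32:02 ldapserver slapd[13417]: conn=1164 op=1 RESULT tag=97 err=0 text=
"""

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

CONN_RE = re.compile(r"conn=(\d+)\s+(.*)$")
ACCEPT_RE = re.compile(r"ACCEPT from IP=(\S+) \(IP=[^:]+:(\d+)\)")
EXT_RE = re.compile(r"op=(\d+) EXT oid=(\S+)")
RESULT_RE = re.compile(r"op=(\d+) RESULT .*?err=(\d+)(?: text=(.*))?$")


def parse_slapd_log(text):
    """Build per-connection state from slapd 'conn=' log lines.

    Tracks the listener port the client hit, whether TLS is up, which ops were
    StartTLS requests, their RESULT codes, and whether StartTLS was sent while
    TLS was already established (the ldaps + StartTLS misconfiguration).
    """
    conns = defaultdict(lambda: {"client": None, "port": None, "tls": False,
                                  "starttls_after_tls": False, "starttls_ops": {}})
    for line in text.splitlines():
        m = CONN_RE.search(line)
        if not m:
            continue
        cid, rest = int(m.group(1)), m.group(2)
        c = conns[cid]
        a = ACCEPT_RE.search(rest)
        if a:
            c["client"], c["port"] = a.group(1), int(a.group(2))
        elif "TLS established" in rest:
            c["tls"] = True
        elif (e := EXT_RE.search(rest)) and e.group(2) == STARTTLS_OID:
            op = int(e.group(1))
            c["starttls_ops"][op] = None  # result filled in when RESULT for this op arrives
            if c["tls"]:
                c["starttls_after_tls"] = True
        elif (r := RESULT_RE.search(rest)) and int(r.group(1)) in c["starttls_ops"]:
            c["starttls_ops"][int(r.group(1))] = (int(r.group(2)), (r.group(3) or "").strip())
    return dict(conns)


def find_starttls_over_tls(conns):
    """Connections that already had TLS (e.g. accepted on 636) and then sent StartTLS."""
    findings = []
    for cid, c in sorted(conns.items()):
        if not c["starttls_after_tls"]:
            continue
        results = [res for res in c["starttls_ops"].values() if res is not None]
        err = results[0][0] if results else None
        findings.append({"conn": cid, "client": c["client"], "port": c["port"], "err": err})
    return findings


if __name__ == "__main__":
    for f in find_starttls_over_tls(parse_slapd_log(SAMPLE_LOG)):
        print(f"conn={f['conn']} from {f['client']} on port {f['port']}: "
              f"StartTLS sent on an already-TLS connection (slapd err={f['err']}); "
              "check the client for ldaps:// URI combined with StartTLS")
```

Run against a real slapd log (loglevel stats) by replacing SAMPLE_LOG with the file contents; each finding names the client address, so the misconfigured host can be located even when several machines authenticate against the same server.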