我想尝试通过 ldapsearch 连接到 TDS - 服务器。首先,我下载了“OpenLDAP”,但现在使用命令:
ldapsearch -H ldaps://myhostadress:636
我总是收到以下错误:
ldap_sasl_interactive_bind_s: Can't contact LDAP serv
additional info: error:14090086:SSL routines:
:certificate verify failed (self signed certificate)
我附加了我的命令“-d1”以获取更多信息并得到:
ldap_url_parse_ext(ldaps://xxx:636)
ldap_create
ldap_url_parse_ext(ldaps://xxxx:636/??base)
ldap_pvt_sasl_getmech
ldap_search
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP xxxxx:636
ldap_new_socket: 360
ldap_prepare_socket: 360
ldap_connect_to_host: Trying 9.xxxxxx:636
ldap_pvt_connect: fd: 360 tm: -1 async: 0
attempting to connect:
connect success
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, err: 18, subject: /O=org/OU=OrgUnit
Germany/CN=xxxxx, issuer: /O=org/OU=OrgUnit
Germany/CN=xxxx
TLS certificate verification: Error, self signed certificate
TLS trace: SSL3 alert write:fatal:unknown CA
TLS trace: SSL_connect:error in error
TLS trace: SSL_connect:error in error
TLS: can't connect: error:14090086:SSL
routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate).
ldap_msgfree
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate)
我认为这与 ssl 证书有关!?我读过一些其他有类似问题的帖子。 之后,我向管理员索要 ssl 证书,并获得了具有以下结构的 .pem 文件(它只是一个摘录):
-----BEGIN CERTIFICATE----
mcdp+Kh5Zd3YOttXbjemxIvwfRvPd/Ho4VtBsi5yJT5DSehL4L8ZN
DKaSL6BQ5MlQ1bsmQQ04PKNBrPKFFIiadi9QsFrUiNCQSKDLSKDSK
XbjemxIvwfRvPd/Ho4VtBsi5yJT5DSehL4L8ZNIUWEISNSDJKLSDJ
DKaUiNCXbjemxIvwfRvPdHo4VtBsi5yJT5DSSDKOSOÖDKJLSDJKSD
hL4L8ZNL6BQ5MlQ1bsmQQ04PKNBrPKFFIiadi9QsFrUiNCJKLSADN
.....................................................
.....................................................
-----END CERTIFICATE-----
我现在需要做什么?证书的 OpenLDAP 文件夹是
`C:\OpenLDAP-2.4.43\etc\certs
和配置文件,
`C:\OpenLDAP-2.4.43\etc\openldap`
我已按照 Performing ldapsearch over TLS/SSL against Active Directory 中的说明进行了尝试并添加到我的 ldap.conf
HOST hostxyz.com
PORT 636
TLS_CACERT \etc\certs\trustKey.cer // C:\OpenLDAP-2.4.43\etc\cert\trustKey.cer ; .pem file changed into .cer file
TLS_REQCERT demand
并使用ldapmodify -H ldaps://hostxyz.com:636开始调用
但我总是收到提到的错误。
最诚挚的问候
最佳答案
这对我有用!
将其添加到文件/etc/openldap/ldap.conf
TLS_REQCERT allow
然后重新启动 LDAP
systemctl restart slapd
systemctl enable slapd
关于ssl - OpenLDAP - TDS - 无法联系 LDAP 服务器 (-1),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/39533344/