Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 615685 Details for
Bug 859582
openldap server ignores certificate when moznss cert/key db exists
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
Full text output of the installation and configuration of an openldap server, a detailed description of the problem, and details of how to work around it
openldap_bug_how_to_reproduce.txt (text/plain), 20.31 KB, created by
dave
on 2012-09-22 04:52:48 UTC
(
hide
)
Description:
Full text output of the installation and configuration of an openldap server, a detailed description of the problem, and details of how to work around it
Filename:
MIME Type:
Creator:
dave
Created:
2012-09-22 04:52:48 UTC
Size:
20.31 KB
patch
obsolete
>1. yum install openldap-servers > >2. [root@centos6 ~]# cd /etc/openldap/slapd.d/cn=config >[root@centos6 cn=config]# > >3. [root@centos6 cn=config]# perl -i -pe 's/dc=my-domain,dc=com/dc=example,dc=org/g' olcDatabase\=\{1\}monitor.ldif olcDatabase\=\{2\}bdb.ldif >[root@centos6 cn=config]# > >4. [root@centos6 cn=config]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG >[root@centos6 cn=config]# > >5. [root@centos6 cn=config]# chown -R ldap:ldap /var/lib/ldap/ >[root@centos6 cn=config]# > >6. [root@centos6 cn=config]# echo ""|slapadd >The first database does not allow slapadd; using the first available one (2) >[root@centos6 cn=config]# > >7. [root@centos6 cn=config]# slappasswd >New password: changeme >Re-enter new password: changeme >{SSHA}eLfyygqGUVooK/Yj4EeImX43V6bL1J/e > >8. [root@centos6 cn=config]# echo "olcrootpw: {SSHA}eLfyygqGUVooK/Yj4EeImX43V6bL1J/e" >> "olcDatabase={2}bdb.ldif" > >9. [root@centos6 cn=config]# service slapd start >Starting slapd: [ OK ] > >10. [root@centos6 cn=config]# ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts ># extended LDIF ># ># LDAPv3 ># base <> with scope baseObject ># filter: (objectclass=*) ># requesting: namingContexts ># > ># >dn: >namingContexts: dc=example,dc=org > ># search result >search: 2 >result: 0 Success > ># numResponses: 2 ># numEntries: 1 > >11. [root@centos6 ~]# cat example.ldif >dn: dc=example,dc=org >objectclass: dcObject >objectclass: organization >o: Example >dc: example > >dn: cn=Manager,dc=example,dc=org >objectClass: organizationalRole >cn: Manager > >12. [root@centos6 ~]# ldapadd -x -D "cn=Manager,dc=example,dc=org" -W -f example.ldif >Enter LDAP Password: >adding new entry "dc=example,dc=org" > >adding new entry "cn=Manager,dc=example,dc=org" > >13. [root@centos6 ~]# ldapsearch -LLL -x -b 'dc=example,dc=org' '(objectClass=*)' >dn: dc=example,dc=org >objectClass: dcObject >objectClass: organization >o: Example >dc: example > >dn: cn=Manager,dc=example,dc=org >objectClass: organizationalRole >cn: Manager > >14. [root@centos6 ~]# cd /etc/pki/tls/certs > >[root@centos6 certs]# ls >ca-bundle.crt ca-bundle.trust.crt make-dummy-cert Makefile > >15. [root@centos6 certs]# make example.key >umask 77 ; \ > /usr/bin/openssl genrsa -aes128 2048 > example.key >Generating RSA private key, 2048 bit long modulus >.....................+++ >..........+++ >e is 65537 (0x10001) >Enter pass phrase: >Verifying - Enter pass phrase: >[root@centos6 certs]# > >16. [root@centos6 certs]# mv example.key example-with-passphrase.key >[root@centos6 certs]# openssl rsa -in example-with-passphrase.key -out example.key >Enter pass phrase for example-with-passphrase.key: >writing RSA key >[root@centos6 certs]# > >17. [root@centos6 certs]# make example.crt >umask 77 ; \ > /usr/bin/openssl req -utf8 -new -key example.key -x509 -days 365 -out example.crt -set_serial 0 >You are about to be asked to enter information that will be incorporated >into your certificate request. >What you are about to enter is what is called a Distinguished Name or a DN. >There are quite a few fields but you can leave some blank >For some fields there will be a default value, >If you enter '.', the field will be left blank. >----- >Country Name (2 letter code) [XX]: >State or Province Name (full name) []: >Locality Name (eg, city) [Default City]: >Organization Name (eg, company) [Default Company Ltd]: >Organizational Unit Name (eg, section) []: >Common Name (eg, your name or your server's hostname) []:centos6.example.org >Email Address []: >[root@centos6 certs]# > >18. [root@centos6 certs]# openssl verify -CAfile ca-bundle.crt example.crt >example.crt: C = XX, L = Default City, O = Default Company Ltd, CN = centos6.example.org >error 18 at 0 depth lookup:self signed certificate >OK > >19. [root@centos6 certs]# openssl x509 -in example.crt -outform PEM -out example.pem >[root@centos6 certs]# > >20. [root@centos6 certs]# chmod 440 example.crt example.key example.pem >[root@centos6 certs]# chown root:ldap example.crt example.key example.pem > >21. [root@centos6 certs]# ls -l >total 1220 >-rw-r--r--. 1 root root 571450 Apr 8 2010 ca-bundle.crt >-rw-r--r--. 1 root root 651083 Apr 8 2010 ca-bundle.trust.crt >-r--r-----. 1 root ldap 1289 Sep 22 12:33 example.crt >-r--r-----. 1 root ldap 1679 Sep 22 12:33 example.key >-r--r-----. 1 root ldap 1289 Sep 22 12:39 example.pem >-rw-------. 1 root root 1766 Sep 22 12:30 example-with-passphrase.key >-rwxr-xr-x. 1 root root 610 Aug 23 13:55 make-dummy-cert >-rw-r--r--. 1 root root 2242 Aug 23 13:55 Makefile >[root@centos6 certs]# > >22. [root@centos6 certs]# cat /root/ssl.ldif >dn: cn=config >changetype: modify >replace: olcTLSCipherSuite >olcTLSCipherSuite: HIGH:MEDIUM:+SSLv2 >- >replace: olcTLSCertificateFile >olcTLSCertificateFile: /etc/pki/tls/certs/example.pem >- >replace: olcTLSCertificateKeyFile >olcTLSCertificateKeyFile: /etc/pki/tls/certs/example.key >- >replace: olcTLSCACertificateFile >olcTLSCACertificateFile: /etc/pki/tls/certs/ca-bundle.crt > >23. [root@centos6 certs]# ldapmodify -Y EXTERNAL -H ldapi:/// -f /root/ssl.ldif >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 >modifying entry "cn=config" > >[root@centos6 certs]# > >24. [root@centos6 certs]# vim /etc/sysconfig/ldap >SLAPD_LDAPS=yes > >[root@centos6 certs]# service slapd restart >Stopping slapd: [ OK ] >Starting slapd: [ OK ] >[root@centos6 certs]# >[root@centos6 certs]# netstat -an|grep 636 >tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN >tcp 0 0 :::636 :::* LISTEN > >25. [root@centos6 certs]# openssl s_client -connect localhost:636 -showcerts >CONNECTED(00000003) > >26. [root@centos6 certs]# ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config olcTLSCACertificatePath >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 >dn: cn=config >olcTLSCACertificatePath: /etc/openldap/certs > >dn: cn=schema,cn=config > >27. [root@centos6 certs]# ldapmodify -Y EXTERNAL -H ldapi:/// >SASL/EXTERNAL authentication started >SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth >SASL SSF: 0 >dn: cn=config >changetype: modify >delete: olcTLSCACertificatePath > >modifying entry "cn=config" >^C > >28. [root@centos6 certs]# service slapd restart >Stopping slapd: [ OK ] >Starting slapd: [ OK ] >[root@centos6 certs]# > >[root@centos6 certs]# netstat -an|grep 636 >tcp 0 0 0.0.0.0:636 0.0.0.0:* LISTEN >tcp 0 0 :::636 :::* LISTEN >[root@centos6 certs]# > >29. [root@centos6 certs]# openssl s_client -connect localhost:636 -showcerts >CONNECTED(00000003) > >30. debuginfo-install openldap-servers-2.4.23-26.el6_3.2.i686 > >31. [root@centos6 ~]# ps auxww|grep slapd >ldap 12486 2.5 1.2 360744 13040 ? Ssl 12:47 0:00 /usr/sbin/slapd -h ldap:/// ldaps:/// ldapi:/// -u ldap >root 12492 0.0 0.0 4352 740 pts/0 S+ 12:47 0:00 grep slapd >[root@centos6 ~]# > >32. [root@centos6 ~]# gdb /usr/sbin/slapd 12486 >GNU gdb (GDB) Red Hat Enterprise Linux (7.2-56.el6) >Copyright (C) 2010 Free Software Foundation, Inc. >License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> >This is free software: you are free to change and redistribute it. >There is NO WARRANTY, to the extent permitted by law. Type "show copying" >and "show warranty" for details. >This GDB was configured as "i686-redhat-linux-gnu". >For bug reporting instructions, please see: ><http://www.gnu.org/software/gdb/bugs/>... >Reading symbols from /usr/sbin/slapd...Reading symbols from /usr/lib/debug/usr/sbin/slapd.debug...done. >done. >Attaching to program: /usr/sbin/slapd, process 12486 >Reading symbols from /usr/lib/libltdl.so.7...(no debugging symbols found)...done. >Loaded symbols for /usr/lib/libltdl.so.7 >Reading symbols from /lib/libdb-4.7.so...Reading symbols from /usr/lib/debug/lib/libdb-4.7.so.debug...done. >done. >Loaded symbols for /lib/libdb-4.7.so >Reading symbols from /usr/lib/libsasl2.so.2...Reading symbols from /usr/lib/debug/usr/lib/libsasl2.so.2.0.23.debug...done. >done. >Loaded symbols for /usr/lib/libsasl2.so.2 >Reading symbols from /lib/libcrypt.so.1...Reading symbols from /usr/lib/debug/lib/libcrypt-2.12.so.debug...done. >done. >Loaded symbols for /lib/libcrypt.so.1 >Reading symbols from /lib/libresolv.so.2...Reading symbols from /usr/lib/debug/lib/libresolv-2.12.so.debug...done. >done. >Loaded symbols for /lib/libresolv.so.2 >Reading symbols from /usr/lib/libssl3.so...Reading symbols from /usr/lib/debug/usr/lib/libssl3.so.debug...done. >done. >Loaded symbols for /usr/lib/libssl3.so >Reading symbols from /usr/lib/libsmime3.so...Reading symbols from /usr/lib/debug/usr/lib/libsmime3.so.debug...done. >done. >Loaded symbols for /usr/lib/libsmime3.so >Reading symbols from /usr/lib/libnss3.so...Reading symbols from /usr/lib/debug/usr/lib/libnss3.so.debug...done. >done. >Loaded symbols for /usr/lib/libnss3.so >Reading symbols from /usr/lib/libnssutil3.so...Reading symbols from /usr/lib/debug/usr/lib/libnssutil3.so.debug...done. >done. >Loaded symbols for /usr/lib/libnssutil3.so >Reading symbols from /lib/libplds4.so...Reading symbols from /usr/lib/debug/lib/libplds4.so.debug...done. >done. >Loaded symbols for /lib/libplds4.so >Reading symbols from /lib/libplc4.so...Reading symbols from /usr/lib/debug/lib/libplc4.so.debug...done. >done. >Loaded symbols for /lib/libplc4.so >Reading symbols from /lib/libnspr4.so...Reading symbols from /usr/lib/debug/lib/libnspr4.so.debug...done. >done. >Loaded symbols for /lib/libnspr4.so >Reading symbols from /lib/libpthread.so.0...Reading symbols from /usr/lib/debug/lib/libpthread-2.12.so.debug...done. >[Thread debugging using libthread_db enabled] >[New Thread 0xa22ffb70 (LWP 12490)] >[New Thread 0xa2837b70 (LWP 12489)] >done. >Loaded symbols for /lib/libpthread.so.0 >Reading symbols from /lib/libwrap.so.0...Reading symbols from /usr/lib/debug/lib/libwrap.so.0.7.6.debug...done. >done. >Loaded symbols for /lib/libwrap.so.0 >Reading symbols from /lib/libc.so.6...Reading symbols from /usr/lib/debug/lib/libc-2.12.so.debug...done. >done. >Loaded symbols for /lib/libc.so.6 >Reading symbols from /lib/libdl.so.2...Reading symbols from /usr/lib/debug/lib/libdl-2.12.so.debug...done. >done. >Loaded symbols for /lib/libdl.so.2 >Reading symbols from /lib/libfreebl3.so... >warning: the debug information found in "/usr/lib/debug//lib/libfreebl3.so.debug" does not match "/lib/libfreebl3.so" (CRC mismatch). > > >warning: the debug information found in "/usr/lib/debug/lib/libfreebl3.so.debug" does not match "/lib/libfreebl3.so" (CRC mismatch). > >Missing separate debuginfo for /lib/libfreebl3.so >Try: yum --disablerepo='*' --enablerepo='*-debug*' install /usr/lib/debug/.build-id/8b/5c416b50a3400d1370ece5278517d0f588e1d0.debug >(no debugging symbols found)...done. >Loaded symbols for /lib/libfreebl3.so >Reading symbols from /lib/libz.so.1...Reading symbols from /usr/lib/debug/lib/libz.so.1.2.3.debug...done. >done. >Loaded symbols for /lib/libz.so.1 >Reading symbols from /lib/ld-linux.so.2...Reading symbols from /usr/lib/debug/lib/ld-2.12.so.debug...done. >done. >Loaded symbols for /lib/ld-linux.so.2 >Reading symbols from /lib/libnsl.so.1...Reading symbols from /usr/lib/debug/lib/libnsl-2.12.so.debug...done. >done. >Loaded symbols for /lib/libnsl.so.1 >Reading symbols from /lib/libnss_files.so.2...Reading symbols from /usr/lib/debug/lib/libnss_files-2.12.so.debug...done. >done. >Loaded symbols for /lib/libnss_files.so.2 >Reading symbols from /usr/lib/sasl2/libcrammd5.so...Reading symbols from /usr/lib/debug/usr/lib/sasl2/libcrammd5.so.2.0.23.debug...done. >done. >Loaded symbols for /usr/lib/sasl2/libcrammd5.so >Reading symbols from /usr/lib/sasl2/libdigestmd5.so...Reading symbols from /usr/lib/debug/usr/lib/sasl2/libdigestmd5.so.2.0.23.debug...done. >done. >Loaded symbols for /usr/lib/sasl2/libdigestmd5.so >Reading symbols from /usr/lib/libcrypto.so.10...Reading symbols from /usr/lib/debug/usr/lib/libcrypto.so.1.0.0.debug...done. >done. >Loaded symbols for /usr/lib/libcrypto.so.10 >Reading symbols from /usr/lib/sasl2/liblogin.so...Reading symbols from /usr/lib/debug/usr/lib/sasl2/liblogin.so.2.0.23.debug...done. >done. >Loaded symbols for /usr/lib/sasl2/liblogin.so >Reading symbols from /usr/lib/sasl2/libplain.so...Reading symbols from /usr/lib/debug/usr/lib/sasl2/libplain.so.2.0.23.debug...done. >done. >Loaded symbols for /usr/lib/sasl2/libplain.so >Reading symbols from /usr/lib/sasl2/libanonymous.so...Reading symbols from /usr/lib/debug/usr/lib/sasl2/libanonymous.so.2.0.23.debug...done. >done. >Loaded symbols for /usr/lib/sasl2/libanonymous.so >Reading symbols from /usr/lib/sasl2/libsasldb.so...Reading symbols from /usr/lib/debug/usr/lib/sasl2/libsasldb.so.2.0.23.debug...done. >done. >Loaded symbols for /usr/lib/sasl2/libsasldb.so >Reading symbols from /usr/lib/libsoftokn3.so... >warning: the debug information found in "/usr/lib/debug//usr/lib/libsoftokn3.so.debug" does not match "/usr/lib/libsoftokn3.so" (CRC mismatch). > > >warning: the debug information found in "/usr/lib/debug/usr/lib/libsoftokn3.so.debug" does not match "/usr/lib/libsoftokn3.so" (CRC mismatch). > >Missing separate debuginfo for /usr/lib/libsoftokn3.so >Try: yum --disablerepo='*' --enablerepo='*-debug*' install /usr/lib/debug/.build-id/ef/692b90488ac6e152a59bbc4be4e531f87a5c72.debug >(no debugging symbols found)...done. >Loaded symbols for /usr/lib/libsoftokn3.so >Reading symbols from /usr/lib/libsqlite3.so.0...(no debugging symbols found)...done. >Loaded symbols for /usr/lib/libsqlite3.so.0 >Reading symbols from /usr/lib/libnssdbm3.so...Reading symbols from /usr/lib/debug/usr/lib/libnssdbm3.so.debug...done. >done. >Loaded symbols for /usr/lib/libnssdbm3.so >Reading symbols from /usr/lib/libnssckbi.so...Reading symbols from /usr/lib/debug/usr/lib/libnssckbi.so.debug...done. >done. >Loaded symbols for /usr/lib/libnssckbi.so >Reading symbols from /usr/lib/libnsspem.so...Reading symbols from /usr/lib/debug/usr/lib/libnsspem.so.debug...done. >done. >Loaded symbols for /usr/lib/libnsspem.so >0x00a50424 in __kernel_vsyscall () >Missing separate debuginfos, use: debuginfo-install libtool-ltdl-2.2.6-15.5.el6.i686 sqlite-3.6.20-1.el6.i686 >(gdb) > >33. (gdb) thr apply all bt > >Thread 3 (Thread 0xa2837b70 (LWP 12489)): >#0 0x00a50424 in __kernel_vsyscall () >#1 0xb773beb6 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82 >#2 0x004735cb in slapd_daemon_task (ptr=0x0) > at ../../../servers/slapd/daemon.c:2467 >#3 0x003f8a49 in start_thread (arg=0xa2837b70) at pthread_create.c:301 >#4 0xb773b63e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133 > >Thread 2 (Thread 0xa22ffb70 (LWP 12490)): >#0 0x00a50424 in __kernel_vsyscall () >#1 0xb76eac56 in gettimeofday () at ../sysdeps/unix/syscall-template.S:82 >#2 0x00d6cfeb in PR_Now () > at ../../../../mozilla/nsprpub/pr/src/md/unix/unix.c:3011 >#3 0x00702bf0 in pk11_CheckPassword (slot=0xa1d2df20, > pw=0xa1d50030 "-----END RSA PRIVATE KEY-----") at pk11auth.c:86 >#4 0x00702e08 in PK11_DoPassword (slot=0xa1d2df20, loadCerts=0, > wincx=0xb76016a0) at pk11auth.c:634 >#5 0x00702f58 in PK11_Authenticate (slot=0xa1d2df20, loadCerts=0, > wincx=0xb76016a0) at pk11auth.c:334 >#6 0x005c5965 in tlsm_authenticate_to_slot (ctx=0xb76016a0, > certname=<value optimized out>, > pininfo=0xa1d4f970 "/etc/pki/tls/certs/example.key") at tls_m.c:1093 >---Type <return> to continue, or q <return> to quit--- >#7 tlsm_authenticate (ctx=0xb76016a0, certname=<value optimized out>, > pininfo=0xa1d4f970 "/etc/pki/tls/certs/example.key") at tls_m.c:1816 >#8 0x005c7760 in tlsm_deferred_ctx_init (arg=0xb76016a0) at tls_m.c:2394 >#9 0x00d5c181 in PR_CallOnceWithArg (once=0xb76016c4, > func=0x5c7280 <tlsm_deferred_ctx_init>, arg=0xb76016a0) > at ../../../mozilla/nsprpub/pr/src/misc/prinit.c:804 >#10 0x005c41fd in tlsm_session_new (ctx=0xb76016a0, is_server=1) > at tls_m.c:2545 >#11 0x005c221c in alloc_handle (ctx_arg=<value optimized out>, > is_server=<value optimized out>) at tls2.c:296 >#12 0x005c2960 in ldap_pvt_tls_accept (sb=0xa1d00468, ctx_arg=0xb76016a0) > at tls2.c:418 >#13 0x00479f1f in connection_read (ctx=0xa22ff1ec, argv=0xf) > at ../../../servers/slapd/connection.c:1326 >#14 connection_read_thread (ctx=0xa22ff1ec, argv=0xf) > at ../../../servers/slapd/connection.c:1238 >#15 0x0059993c in ldap_int_thread_pool_wrapper (xpool=0xb757b088) > at ../../../libraries/libldap_r/tpool.c:685 >#16 0x003f8a49 in start_thread (arg=0xa22ffb70) at pthread_create.c:301 >#17 0xb773b63e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133 > >Thread 1 (Thread 0xb7656a10 (LWP 12486)): >#0 0x00a50424 in __kernel_vsyscall () >---Type <return> to continue, or q <return> to quit--- >#1 0x003f910d in pthread_join (threadid=2726525808, thread_return=0x0) > at pthread_join.c:89 >#2 0x0059a715 in ldap_pvt_thread_join (thread=2726525808, thread_return=0x0) > at ../../../libraries/libldap_r/thr_posix.c:197 >#3 0x004722d3 in slapd_daemon () at ../../../servers/slapd/daemon.c:2842 >#4 0x0045bf60 in main (argc=5, argv=0xbf96ea04) > at ../../../servers/slapd/main.c:961 >(gdb) > >34. (gdb) thread 2 >[Switching to thread 2 (Thread 0xa22ffb70 (LWP 12490))]#0 0x00a50424 in __kernel_vsyscall () >(gdb) frame 7 >#7 tlsm_authenticate (ctx=0xb76016a0, certname=<value optimized out>, > pininfo=0xa1d4f970 "/etc/pki/tls/certs/example.key") at tls_m.c:1816 >1816 rc = tlsm_authenticate_to_slot( ctx, slot ); >(gdb) p *ctx >$1 = {tc_model = 0xa1d6ff80, tc_refcnt = 2, tc_verify_cert = 0, > tc_certdb = 0xa1d2ff78, > tc_certname = 0xa1d4f948 "/etc/pki/tls/certs/example.pem", > tc_pin_file = 0xa1d4f970 "/etc/pki/tls/certs/example.key", > tc_config = 0xb7601708, tc_is_server = 1, tc_require_cert = 0, > tc_callonce = {initialized = 0, inProgress = 1, status = PR_SUCCESS}, > tc_using_pem = 0, tc_slotname = 0x0, tc_initctx = 0xa1d022d8, > tc_pem_objs = 0xa1d6fdf0, tc_n_pem_objs = 1, tc_warn_only = 0, > tc_refmutex = {__data = {__lock = 0, __count = 0, __owner = 0, __kind = 0, > __nusers = 0, {__spins = 0, __list = {__next = 0x0}}}, > __size = '\000' <repeats 23 times>, __align = 0}} >(gdb) > >>>>> tc_using_pem = 0 <<<<<<<<< > > >35. [root@centos6 ~]# service slapd stop >Stopping slapd: [ OK ] >[root@centos6 ~]# cd /etc/openldap/certs/ >[root@centos6 certs]# ls >cert8.db key3.db password secmod.db >[root@centos6 certs]# mv cert8.db key3.db /tmp/ >[root@centos6 certs]# service slapd start >Starting slapd: [ OK ] >[root@centos6 certs]# > >36. [root@centos6 certs]# openssl s_client -connect localhost:636 -showcerts >CONNECTED(00000003) >depth=0 C = XX, L = Default City, O = Default Company Ltd, CN = centos6.example.org >verify error:num=18:self signed certificate >verify return:1 >depth=0 C = XX, L = Default City, O = Default Company Ltd, CN = centos6.example.org >verify return:1 >--- >Certificate chain > 0 s:/C=XX/L=Default City/O=Default Company Ltd/CN=centos6.example.org > i:/C=XX/L=Default City/O=Default Company Ltd/CN=centos6.example.org >-----BEGIN CERTIFICATE----- >MIIDizCCAnOgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJYWDEV >MBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkg >THRkMRwwGgYDVQQDDBNjZW50b3M2LmV4YW1wbGUub3JnMB4XDTEyMDkyMjAzMzM1 > >37. [root@centos6 certs]# ldapsearch -ZZ -LLL -x -W -H ldap:/// -D cn=manager,dc=example,dc=org -b 'dc=example,dc=org' cn=* >Enter LDAP Password: >dn: cn=Manager,dc=example,dc=org >objectClass: organizationalRole >cn: Manager > >Sep 22 13:34:33 centos6 slapd[12565]: conn=1012 fd=16 ACCEPT from IP=127.0.0.1:57122 (IP=0.0.0.0:389) >Sep 22 13:34:33 centos6 slapd[12565]: conn=1012 op=0 EXT oid=1.3.6.1.4.1.1466.20037 >Sep 22 13:34:33 centos6 slapd[12565]: conn=1012 op=0 STARTTLS >Sep 22 13:34:33 centos6 slapd[12565]: conn=1012 op=0 RESULT oid= err=0 text= >Sep 22 13:34:33 centos6 slapd[12565]: conn=1012 fd=16 TLS established tls_ssf=256 ssf=256 >Sep 22 13:34:35 centos6 slapd[12565]: conn=1012 op=1 BIND dn="cn=manager,dc=example,dc=org" method=128 >Sep 22 13:34:35 centos6 slapd[12565]: conn=1012 op=1 BIND dn="cn=manager,dc=example,dc=org" mech=SIMPLE ssf=0 >Sep 22 13:34:35 centos6 slapd[12565]: conn=1012 op=1 RESULT tag=97 err=0 text= >Sep 22 13:34:35 centos6 slapd[12565]: conn=1012 op=2 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(cn=*)" >Sep 22 13:34:35 centos6 slapd[12565]: conn=1012 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= >Sep 22 13:34:35 centos6 slapd[12565]: conn=1012 op=3 UNBIND >Sep 22 13:34:35 centos6 slapd[12565]: conn=1012 fd=16 closed > >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=615685">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 859582
: 615685