[LDAP-interop] Net::LDAPS -> Active Directory
Jeff Saxton
jeff.saxton at sensage.com
Tue Mar 28 18:27:31 EST 2006
More notes: converted the cert to PEM.
openssl x509 -inform DER -outform PEM -in file.crt -out file.pem
[jsaxton at localhost AD]$ openssl s_client -connect adserver:636 -CAfile cert.pem -ssl3
CONNECTED(00000003)
8294:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:
[jsaxton at localhost AD]$
[jsaxton at localhost AD]$ openssl s_client -connect dhcp205:636 -CAfile cert.pem -ssl2
CONNECTED(00000003)
8302:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:
So it looks like the problem is with the cert?
Should I take this to the openssl mailing list?
Jeff Saxton wrote:
> 1) installed M$ certificate services on AD server
> 2) copied cert to my Linux box
> 3) verified cert with openssl x509 -inform DER -in file.crt -noout -text
> cert looks OK
> 4) verified AD server listening on 636
>
> 5) run this perl script
> ---- adtesst.pl ----
> #!/usr/bin/perl
> use Net::LDAPS;   # also loads Net::LDAP, which accepts an ldaps:// URI
>
> $ldap = Net::LDAP->new(
> 'ldaps://adserver.mydomain.com:636',
> timeout => 1000,
> verify => 'require',
> capath => '/root/AD/',
> ) || die "cant make initial connection: $@";
>
> # bind() always returns a Net::LDAP::Message, so test its result code
> # instead of relying on "|| die"
> $result = $ldap->bind(
> 'cn=myuser,dc=mydomain,dc=com',
> password => 'my_passwd',
> );
> $result->code && die "bind failed: " . $result->error;
>
> $ldap->unbind();
> exit;
> ---- cut here ----
>
> [jsaxton at localhost AD]$ time ./adteswt.pl
> cant make initial connection: IO::Socket::SSL: Timeout at ./a.pl line
> 11, <DATA> line 225.
>
> real 0m0.602s
> user 0m0.441s
> sys 0m0.032s
> [jsaxton at localhost AD]$
>
> So it looks like the timeout is being ignored??
>
>
> _______________________________________________
> LDAP-interop mailing list
> LDAP-interop at fini.net
> http://lists.fini.net/mailman/listinfo/ldap-interop
--
Jeff Saxton
SenSage, Inc.
55 Hawthorne Street Suite 700
San Francisco, CA 94105
Phone: 415.808.5900
Fax: 415.371.1385
Direct: 415-808-5921
Cell: 415-640-6392
mailto:support at sensage.com
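For comparison with the script quoted above, here is an added example (not Jeff's code) of the same LDAPS connect-and-bind against AD with certificate verification and proper result checking; the hostname, CA file path and bind DN are placeholders.

```perl
#!/usr/bin/perl
# Added example: LDAPS connection to an AD domain controller with the
# server certificate verified against a PEM CA file, followed by a bind.
# Assumed values: adserver.mydomain.com, /root/AD/file.pem, the bind DN.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS);

my $host     = 'adserver.mydomain.com';  # must match the cert's subject/SAN
my $cafile   = '/root/AD/file.pem';      # DC certificate converted DER -> PEM
my $bind_dn  = 'cn=myuser,cn=Users,dc=mydomain,dc=com';
my $password = 'my_passwd';

# verify => 'require' makes IO::Socket::SSL reject a server certificate
# that does not chain to $cafile or whose name does not match $host.
my $ldap = Net::LDAP->new(
    $host,
    scheme  => 'ldaps',
    port    => 636,
    timeout => 10,            # seconds for connect/handshake
    verify  => 'require',
    cafile  => $cafile,
) or die "LDAPS connect to $host failed: $@\n";

# bind() returns a Net::LDAP::Message even on failure, so the result
# code has to be checked explicitly; "|| die" would never fire.
my $mesg = $ldap->bind($bind_dn, password => $password);
if ($mesg->code != LDAP_SUCCESS) {
    $ldap->unbind;
    die sprintf "bind as %s failed: %s (code %d)\n",
        $bind_dn, $mesg->error, $mesg->code;
}

# Sanity query: read the rootDSE, which every AD DC exposes anonymously
# and after bind, to confirm the session is usable.
my $root = $ldap->search(
    base   => '',
    scope  => 'base',
    filter => '(objectClass=*)',
    attrs  => ['dnsHostName', 'defaultNamingContext'],
);
if ($root->code == LDAP_SUCCESS && $root->count) {
    my $entry = ($root->entries)[0];
    printf "bound OK to %s, default NC %s\n",
        $entry->get_value('dnsHostName')         // '?',
        $entry->get_value('defaultNamingContext') // '?';
}
$ldap->unbind;
```

If the connect step fails, `$@` carries the IO::Socket::SSL reason (certificate verify failure, name mismatch or timeout), which separates a TLS problem from an LDAP bind problem.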