
LDAP really messed up, GW, Edir 873


Emerson

Jan 19, 2004, 5:33:15 AM
Hi,

We're running NW6 servers,
most of them were SP3, a couple with beta sp4,
also tried applying sp4 to "the rest" of the servers.


Anyway,
after upgrading from edir 862 to edir 873 just downloaded,
everything went crazy..


iFolder stopped working,
GW Webaccess stopped working
GW /LDAP security stopped working,

Common factor; LDAP problems;
So,

noticed behavior;
at first only our master certificate server was listening at all to
either port 389 or 636, all other servers while looking in tcpcon,
showed NO listen on above ports...
And, this didn't matter whether unload/reloading NLDAP.

All certificates checked on all servers,
both with pkidiag.nlm and sdidiag.nlm, no errors reported,

Also tried by creating a new certificate, LDAP SSL, to bind to the
ldapserver on the main server,

Errors reported from DSTRACE;
with cleartext ldap enabled from GW Webaccess to the main GW server;

New cleartext connection 0xcdc39e40 from 192.168.123.25:1070, mo
ndex = 3
Invalid protocol request on connection 0xcdc39e40
Monitor 0x20e initiating close for connection 0xcdc39e40
Server closing connection 0xcdc39e40, reason = 2
(192.168.123.25:1070)(0x0000:0x77) Sending operation result 2:""
n 0xcdc39e40


---------------------
With SSL Required/Enabled, error reported on dstrace;
New TLS connection 0xcdc39e40 from 192.168.123.25:1077, monitor = 0x20e, index = 3
Monitor 0x20e initiating TLS handshake on connection 0xcdc39e40
(192.168.123.25:1077)(0x0000:0x00) DoTLSHandshake on connection 0xcdc39e40
(192.168.123.25:1077)(0x0000:0x00) TLS accept failure 1 on connection 0xcdc39e40, setting err = -5875. Error stack:
error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
- SSL alert number 42
(192.168.123.25:1077)(0x0000:0x00) TLS handshake failed on connection 0xcdc39e40, err = -5875


Right now above errors come from the combo;
SP4 and Edir 873.
IP stack is from SP4, and is the "null" version.


From a Client PC,
using a LDAP util like LDAPTOOL.EXE,

at first, as stated previously, only the main server was listening
"at all", though only working on 389.

Now, it seems that all servers do respond to port 389,
but, still no one works with 636.


In C1 (the one that came with edir 873),
I manually went in on every LDAP server except our mainserver,
and changed config version from "0" to 8,
same thing with the LDAP Groups for each server,

I had to try this manually since unloading and reloading NLDAP
on those other servers resulted in;
on the console, ldap reported something, upgrading ldap groupconfig
version......,
and then, abend 1, process ended,

this happened every time,

But, after manually changing config version on the LDAP
servers/Groups, this abend and error has not occurred..

Anyway,
Main issue; SSL and LDAP refuses to work,
PKIDIAG reports no errors
SDIDIAG reports no errors
New certificates created, no HELP,


I'm stuck...
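
Added example, not part of the original post: a Python reading of the TLS trace quoted above, which unwraps the DSTRACE lines and decodes the OpenSSL error code `14094412`. Its reason field, 1042, is `SSL_AD_REASON_OFFSET` (1000) plus alert 42, the form OpenSSL uses for an alert received from the peer, so the connecting client at 192.168.123.25 rejected the certificate the LDAP server presented. The function names and the alert table are this example's own, and the decoding assumes the pre-3.0 OpenSSL error packing.

```python
import re

# DSTRACE lines quoted in the post, console wrapping left as posted.
SAMPLE = """\
New TLS connection 0xcdc39e40 from 192.168.123.25:1077, monitor =
0x20e, index =
3
(192.168.123.25:1077)(0x0000:0x00) TLS accept failure 1 on connection
0xcdc39e40
, setting err = -5875. Error stack:
error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
certificate
- SSL alert number 42
"""

ERR_LIB_SSL = 20              # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000   # reason = 1000 + alert number for received alerts
# Subset of TLS alert descriptions that concern certificates.
ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
          44: "certificate_revoked", 45: "certificate_expired",
          46: "certificate_unknown", 48: "unknown_ca"}

def decode_openssl_error(hex_code):
    """Split a legacy (pre-3.0) packed OpenSSL error into (lib, func, reason)."""
    e = int(hex_code, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF

def diagnose(trace):
    """Return one finding per received TLS alert found in a DSTRACE excerpt."""
    flat = " ".join(trace.split())          # undo console line wrapping
    findings = []
    for m in re.finditer(r"error:([0-9A-Fa-f]{8}):", flat):
        lib, _func, reason = decode_openssl_error(m.group(1))
        if lib != ERR_LIB_SSL or reason < SSL_AD_REASON_OFFSET:
            continue                        # not an alert received from the peer
        # Most recent "New TLS connection ... from ip:port" before this error.
        peers = re.findall(r"New TLS connection \S+ from ([\d.]+):\d+",
                           flat[:m.start()])
        alert = reason - SSL_AD_REASON_OFFSET
        findings.append({"peer": peers[-1] if peers else None,
                         "alert": alert,
                         "name": ALERTS.get(alert, "other"),
                         "sent_by": "peer"})
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```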

