Aravind Gottipati wrote:
> Hi,
Hi,
>
> I have openssh+lpk working when I use a ldap uri. However, when I
> change it to a ldaps uri, the sshd cannot bind to the ldap server and
> throws this message.
>
> Starting sshd:ldap_connect: (TLS) ldap_start_tls(): Can't contact LDAP
> server (-1)
> ldap_simple_bind_s(): Can't contact LDAP server (-1)
> [LDAP] could not initialize ldap connection
OK, at some point we were supporting LDAP, LDAPS and LDAP/TLS. Actually,
LDAPS (aka LDAP SSL on 636) is deprecated, and since the code making the
difference was not nice at the time and required different
initialization for the connection, I took it off and supported only
the new preferred standard, which is TLS.
The old page was mentioning it; I didn't check if we copied that correctly,
and I'll document it more otherwise. Check in the mailing list archive; you
should see a small thread about it.
>
> I am not using tls, so I am guessing I can ignore that ldap_start_tls
> error. However, the same ldaps uri works just fine with ldapsearch and
> the same binduser/password combination. What logs can I provide to help
> troubleshoot this? I did try running sshd with debug3 log level, but
> that doesn't provide any additional information in the logs.
>
> Have you been able to get openssh+lpk working with ldaps? Am I missing
> something in the configuration?
>
> Thank you,
>
> Aravind.
>
HTH,
Regards,
Eric.