Open MyIcecream opened 6 years ago
[root@MiWiFi-R3P-srv certs]# ldapsearch -x -d 1 -v -H ldaps://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin ldap_url_parse_ext(ldaps://localhost) ldap_initialize( ldaps://localhost:636/??base ) ldap_create ldap_url_parse_ext(ldaps://localhost:636/??base) ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP localhost:636 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying ::1 636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 attempting to connect: connect success TLSMC: MozNSS compatibility interception begins. tlsmc_intercept_initialization: INFO: entry options follow: tlsmc_intercept_initialization: INFO: cacertdir = (null)' tlsmc_intercept_initialization: INFO: certfile =(null)' tlsmc_intercept_initialization: INFO: keyfile = (null)' tlsmc_convert: INFO: trying to open NSS DB with CACertDir =(null)'. tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present. tlsmc_intercept_initialization: INFO: altered options follow: tlsmc_intercept_initialization: INFO: cacertdir = (null)' tlsmc_intercept_initialization: INFO: certfile =(null)' tlsmc_intercept_initialization: INFO: keyfile = `(null)' tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only. TLSMC: MozNSS compatibility interception ends. TLS trace: SSL_connect:before/connect initialization TLS trace: SSL_connect:SSLv2/v3 write client hello A TLS trace: SSL_connect:SSLv3 read server hello A TLS certificate verification: depth: 1, err: 19, subject: /C=US/O=A1A Car Wash/OU=Information Technology Dep./L=Albuquerque/ST=New Mexico/CN=docker-light-baseimage, issuer: /C=US/O=A1A Car Wash/OU=Information Technology Dep./L=Albuquerque/ST=New Mexico/CN=docker-light-baseimage TLS certificate verification: Error, self signed certificate in certificate chain TLS trace: SSL3 alert write:fatal:unknown CA TLS trace: SSL_connect:error in error TLS trace: SSL_connect:error in error TLS: can't connect: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate in certificate chain). ldap_err2string ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
(null)' tlsmc_intercept_initialization: INFO: certfile =
(null)' tlsmc_convert: INFO: trying to open NSS DB with CACertDir =
can not centact LDAP over ldaps
把域名改成自己的,如果没有 ssl 证书把它关了试下
hulupiao
commented
6 years ago hulupiao
commented
6 years ago
[root@MiWiFi-R3P-srv certs]# ldapsearch -x -d 1 -v -H ldaps://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin ldap_url_parse_ext(ldaps://localhost) ldap_initialize( ldaps://localhost:636/??base ) ldap_create ldap_url_parse_ext(ldaps://localhost:636/??base) ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP localhost:636 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying ::1 636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 attempting to connect: connect success TLSMC: MozNSS compatibility interception begins. tlsmc_intercept_initialization: INFO: entry options follow: tlsmc_intercept_initialization: INFO: cacertdir =
(null)' tlsmc_intercept_initialization: INFO: certfile =(null)' tlsmc_intercept_initialization: INFO: keyfile =(null)' tlsmc_convert: INFO: trying to open NSS DB with CACertDir =(null)'. tlsmc_convert: INFO: cannot open the NSS DB, expecting PEM configuration is present. tlsmc_intercept_initialization: INFO: altered options follow: tlsmc_intercept_initialization: INFO: cacertdir =(null)' tlsmc_intercept_initialization: INFO: certfile =(null)' tlsmc_intercept_initialization: INFO: keyfile = `(null)' tlsmc_intercept_initialization: INFO: successfully intercepted TLS initialization. Continuing with OpenSSL only. TLSMC: MozNSS compatibility interception ends. TLS trace: SSL_connect:before/connect initialization TLS trace: SSL_connect:SSLv2/v3 write client hello A TLS trace: SSL_connect:SSLv3 read server hello A TLS certificate verification: depth: 1, err: 19, subject: /C=US/O=A1A Car Wash/OU=Information Technology Dep./L=Albuquerque/ST=New Mexico/CN=docker-light-baseimage, issuer: /C=US/O=A1A Car Wash/OU=Information Technology Dep./L=Albuquerque/ST=New Mexico/CN=docker-light-baseimage TLS certificate verification: Error, self signed certificate in certificate chain TLS trace: SSL3 alert write:fatal:unknown CA TLS trace: SSL_connect:error in error TLS trace: SSL_connect:error in error TLS: can't connect: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate in certificate chain). ldap_err2string ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)can not centact LDAP over ldaps