Ubuntu OpenLDAP TLS negotiation failure

openldap, tls, ubuntu-14.04

I've been following the Ubuntu Server Guide for OpenLDAP, and have run into an issue with what I suspect is replication. If I run the following command on the client with access to the server:

ldapsearch -ZZ ldapi:/// -D "cn=admin,dc=auth,dc=<us>,dc=com" -W

where `<us>` has been sanitized. The client side output is as follows:

<Listing of users and groups>
# search result
search: 3
result: 0 Success

The output of /var/syslog on the server is:

Feb 20 14:59:42 LDAP slapd[875]: conn=1448 fd=30 ACCEPT from IP=192.168.1.1:46870 (IP=0.0.0.0:389)
Feb 20 14:59:42 LDAP slapd[875]: conn=1448 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Feb 20 14:59:42 LDAP slapd[875]: conn=1448 op=0 STARTTLS
Feb 20 14:59:42 LDAP slapd[875]: conn=1448 op=0 RESULT oid= err=0 text=
Feb 20 14:59:42 LDAP slapd[875]: conn=1448 fd=30 TLS established tls_ssf=128 ssf=128
<Database is searched>
Feb 20 14:59:57 LDAP slapd[875]: conn=1448 op=1 RESULT tag=97 err=0 text=
Feb 20 14:59:57 LDAP slapd[875]: conn=1448 op=3 UNBIND
Feb 20 14:59:57 LDAP slapd[875]: conn=1448 fd=30 closed

This leads me to believe that the server is not the issue. The following is an attempt to log in with an LDAP user on the server (the client side simply fails as though a bad password was entered):

Feb 20 15:39:50 LDAP slapd[875]: conn=1496 fd=26 ACCEPT from IP=192.168.1.1:46896 (IP=0.0.0.0:389)
Feb 20 15:39:50 LDAP slapd[875]: conn=1496 op=0 EXT oid=1.3.6.1.4.1.1466.20037
Feb 20 15:39:50 LDAP slapd[875]: conn=1496 op=0 STARTTLS
Feb 20 15:39:50 LDAP slapd[875]: conn=1496 op=0 RESULT oid= err=0 text=
Feb 20 15:39:53 LDAP slapd[875]: conn=1496 fd=26 closed (TLS negotiation failure)

If you need me to provide any specific config files or settings, I will be more than happy to do so. It's been quite a challenge getting TLS working so I appreciate any help you can provide.

Best Answer

I think the problem is the URI in the query. Look at the "CN" (Common Name) or "SAN" (Subject Alternative Name) field in the server certificate and use this value to call the LDAP server.
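To illustrate the answer's point, here is an added example (not part of the original question or answer) that checks whether the host named in an LDAP URI is covered by the server certificate's SAN or CN entries, which is the mismatch that produces a "TLS negotiation failure" on the client while the server log shows nothing wrong. The certificate values are constructed for the example; in practice the subjectAltName line comes from `openssl s_client -connect host:389 -starttls ldap -showcerts` piped into `openssl x509 -noout -ext subjectAltName`. Hostnames, addresses and function names below are hypothetical.

```python
"""Check whether the host in an LDAP URI matches the server certificate.

Added example: implements RFC 6125 style name matching with the standard
library only, so it runs offline against a pasted subjectAltName line.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed sample values (hypothetical), in the text form printed by
# `openssl x509 -noout -ext subjectAltName`.
SAMPLE_SAN_LINE = "DNS:ldap.auth.example.com, DNS:*.auth.example.com, IP Address:192.168.1.10"
SAMPLE_CN = "ldap.auth.example.com"


def parse_san_line(line):
    """Return (dns_names, ip_addrs) parsed from an openssl subjectAltName line."""
    dns_names, ip_addrs = [], []
    for entry in line.split(","):
        entry = entry.strip()
        if entry.startswith("DNS:"):
            dns_names.append(entry[len("DNS:"):].strip().lower())
        elif entry.startswith("IP Address:"):
            ip_addrs.append(ipaddress.ip_address(entry[len("IP Address:"):].strip()))
    return dns_names, ip_addrs


def host_from_ldap_uri(uri):
    """Host part of an ldap:// or ldaps:// URI.

    Returns None for ldapi:/// (a Unix socket has no hostname to verify)
    and for URIs without an authority part.
    """
    parts = urlsplit(uri)
    if parts.scheme == "ldapi" or not parts.hostname:
        return None
    return parts.hostname.lower()


def dns_name_matches(pattern, host):
    """Exact match, or a single leading '*' that covers exactly one label."""
    if pattern == host:
        return True
    if pattern.startswith("*.") and "*" not in pattern[1:]:
        pattern_labels = pattern.split(".")[1:]
        host_labels = host.split(".")
        return len(host_labels) == len(pattern_labels) + 1 and host_labels[1:] == pattern_labels
    return False


def cert_covers_host(host, dns_names, ip_addrs, cn=None):
    """True when the URI host is covered by the certificate's names."""
    if host is None:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal in the URI is matched only against iPAddress SANs,
        # never against DNS names or the CN.
        return ip in ip_addrs
    if dns_names:
        return any(dns_name_matches(p, host) for p in dns_names)
    # The CN is consulted only when the certificate carries no dNSName SANs.
    return cn is not None and dns_name_matches(cn.lower(), host)


def check_uri(uri, san_line=SAMPLE_SAN_LINE, cn=SAMPLE_CN):
    """Combine the helpers: does this URI's host match this certificate?"""
    dns_names, ip_addrs = parse_san_line(san_line)
    return cert_covers_host(host_from_ldap_uri(uri), dns_names, ip_addrs, cn)


if __name__ == "__main__":
    for uri in ("ldap://ldap.auth.example.com", "ldap://192.168.1.1", "ldapi:///"):
        print(f"{uri:35} covered={check_uri(uri)}")
```

A client that connects by IP address (as the 192.168.x.x addresses in the log suggest) fails the check unless the certificate carries that address as an iPAddress SAN, and `ldapi:///` has no hostname at all, so `-ZZ` has nothing to verify against; both cases match the answer's advice to use the certificate's CN or SAN value in the URI.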
