LDAP TLS negotiation failure error

1 Comment

Q. I am trying to configure LDAP client. Have copied the certificate to client and enabled TLS in pam_ldap.conf. Still the client failed to communicate with LDAP server. At server end found TLS negotiation failure error. How to fix it?

Sep 11 10:35:12 rhel4 slapd[5241]: conn=1130 fd=12 ACCEPT from IP=10.20.31.140:37309 (IP=0.0.0.0:636)
Sep 11 10:35:12 rhel4 slapd[5241]: conn=1130 fd=12 closed (TLS negotiation failure)

A. Most of the time this error occurs when LDAP client unable to read the certificate. This certificate file stored locally at preferred location. But the path of certificate file looked from /etc/openldap/ldap.conf. Load the correct certificate using “TLS_CACERT” attribute.

The sample of working /etc/openldap/ldap.conf file.

BASE dc=sunt,dc=com
URI ldaps://rhel4.sunt.com/  ldaps://rhel6.sunt.com
TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/cacerts/ldapcert.pem

This how to document guide you to Configure RHEL6 as LDAP client.

Did this post help you? Yes / No

One thought on “LDAP TLS negotiation failure error

Leave a Reply

Your email address will not be published. Required fields are marked *