<html>
<head>
<style type="text/css">
<!--
body { line-height: normal; margin-left: 4px; margin-bottom: 1px; margin-top: 4px; font-variant: normal; margin-right: 4px }
p { margin-bottom: 0; margin-top: 0 }
-->
</style>
</head>
<body>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">> On Thu, 21 Sep 2006, Nick Couchman wrote:</font> </p>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">>> When I try to set the port to 636 in the res_ldap.conf file, I get bind </font> </p>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">>> errors ("Can't contact server..."). I imagine this is an issue with </font> </p>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">>> certificates and trust, but I'm not exactly sure where I need to put my </font> </p>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">>> CA certificate in order to make the ldap module happy.</font> </p>
<br>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">> Probably wherever openssl looks for them. Try /etc/pki/tls/certs/, </font> </p>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">> /etc/ssl/certs/ or /usr/share/ssl/certs/, depending on your distro. You'll </font> </p>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">> also need to symlink the certificate to its hash, check the openssl docs </font> </p>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">> if you haven't done this before.</font> </p>
<br>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">I've just finished trying this and I still get an error when Asterisk tries to connect. I have a couple other things I need to try (I need to try to adjust my CA a little bit), but if anyone else has other suggestions for me, I'd appreciate it.</font> </p>
<br>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">>> I've tried to use tcpdump to see this data, but tcpdump doesn't grab the </font> </p>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">>> full packet, it truncates it at a certain point, so I can't see the </font> </p>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">>> data.</font> </p>
<br>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">> Try doing your tcpdump with "-s 0" - it tells tcpdump to "snarf" the whole </font> </p>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">> packet</font> </p>
<br>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">> Even better, use wireshark (the new name for ethereal). It'll do a very </font> </p>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">> nice job (I tend to find better than tcpdump) at showing you the contents </font> </p>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">> of your ldap queries and responses.</font> </p>
<br>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">I was using ethereal to interpret the data, but my servers don't have X on them so it's hard to run Ethereal or Wireshark directly on the server. So, I use tcpdump to capture to a file, then copy to my workstation and use Ethereal to open it.</font> </p>
<br> <br>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">> I haven't gotten around to playing with direct integration with asterisk </font> </p>
<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">> and ldap, so I can't help on your other issues.</font> </p>
<br>Nick Couchman<BR>Systems Integrator<BR>SEAKR Engineering, Inc.<BR>6221 South Racine Circle<BR>Centennial, CO 80111<BR>Main: (303) 790-8499<BR>Fax: (303) 790-8720<BR>Web: <a href="http://www.seakr.com">http://www.seakr.com</a><BR><BR><br><br></body>
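<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">The "symlink the certificate to its hash" step mentioned in the quoted reply, as an added example that is not part of the original thread. The temporary directory, the file names and the throwaway CA are constructed for the demonstration; on a real system the CA directory would be one of the paths named above.</font> </p>

```shell
#!/bin/sh
# Added example (not from the thread): link a CA certificate to its subject
# hash inside an OpenSSL-style CA directory, then check the directory works.

# link_ca CADIR NAME -> prints the hash link name for CADIR/NAME
link_ca() {
    cadir=$1; name=$2
    hash=$(openssl x509 -hash -noout -in "$cadir/$name") || return 1
    # OpenSSL tries <hash>.0, then .1, .2 ... when two subjects share a hash
    n=0
    while [ -e "$cadir/$hash.$n" ] || [ -L "$cadir/$hash.$n" ]; do
        # Slot already holds this same certificate: reuse it
        if cmp -s "$cadir/$hash.$n" "$cadir/$name"; then
            echo "$hash.$n"; return 0
        fi
        n=$((n + 1))
    done
    ln -s "$name" "$cadir/$hash.$n" || return 1
    echo "$hash.$n"
}

# trusted CADIR CERT -> exit status 0 if CERT verifies against CADIR
trusted() {
    openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# Constructed demo: a throwaway self-signed CA in a temporary directory
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Example CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    mkdir "$d/certs" && cp "$d/ca.pem" "$d/certs/example-ca.pem"
    # The file is present but not yet findable by hash
    trusted "$d/certs" "$d/ca.pem" && before=trusted || before=untrusted
    link_ca "$d/certs" example-ca.pem >/dev/null || return 1
    trusted "$d/certs" "$d/ca.pem" && after=trusted || after=untrusted
    rm -rf "$d"
    echo "$before -> $after"
}

demo
```

<p style="margin-top: 0; margin-bottom: 0">
<font size="2" face="Dialog">Copying the PEM file into the directory is not enough on its own: the lookup is by hash file name, which is why the first check reports the CA as untrusted.</font> </p>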
</html>