Tâche #15194
Mis à jour par Joël Cuissinat il y a environ 8 ans
Après mise en place de la configuration de réplication ldaps :
<pre>
root@seshat:~# slapd -f /etc/ldap/slapd.conf -u openldap -g openldap -d 16384
56d0217c @(#) $OpenLDAP: slapd (Ubuntu) (Sep 15 2015 18:19:13) $
buildd@lgw01-53:/build/openldap-2QUgtL/openldap-2.4.31/debian/build/servers/slapd
56d0217c slapd starting
TLS: can't connect: The signature algorithm is not supported..
56d0217c slap_client_connect: URI=ldaps://192.168.0.31:636 DN="cn=reader,o=gouv,c=fr" ldap_sasl_bind_s failed (-1)
56d0217e do_syncrepl: rid=000 rc -1 retrying (9 retries left)
</pre>
<pre>
root@seshat:~# openssl s_client -showcerts -connect 192.168.0.31:636 < /dev/null | openssl x509 -noout -text > cert.txt
depth=1 C = FR, O = Ministere Education Nationale (MENESR), OU = 110 043 015, OU = ac-test, CN = CA-scribe
verify error:num=19:self signed certificate in certificate chain
verify return:0
DONE
root@seshat:~# openssl s_client -showcerts -connect 192.168.0.31:636 < /dev/null | openssl x509 -noout -text | grep -i signature
depth=1 C = FR, O = Ministere Education Nationale (MENESR), OU = 110 043 015, OU = ac-test, CN = CA-scribe
verify error:num=19:self signed certificate in certificate chain
verify return:0
DONE
Signature Algorithm: sha256WithRSAEncryption
Digital Signature, Non Repudiation, Key Encipherment
Signature Algorithm: sha256WithRSAEncryption
</pre>
<pre>
root@seshat:~# slapd -f /etc/ldap/slapd.conf -u openldap -g openldap -d 16384
56d0217c @(#) $OpenLDAP: slapd (Ubuntu) (Sep 15 2015 18:19:13) $
buildd@lgw01-53:/build/openldap-2QUgtL/openldap-2.4.31/debian/build/servers/slapd
56d0217c slapd starting
TLS: can't connect: The signature algorithm is not supported..
56d0217c slap_client_connect: URI=ldaps://192.168.0.31:636 DN="cn=reader,o=gouv,c=fr" ldap_sasl_bind_s failed (-1)
56d0217e do_syncrepl: rid=000 rc -1 retrying (9 retries left)
</pre>
<pre>
root@seshat:~# openssl s_client -showcerts -connect 192.168.0.31:636 < /dev/null | openssl x509 -noout -text > cert.txt
depth=1 C = FR, O = Ministere Education Nationale (MENESR), OU = 110 043 015, OU = ac-test, CN = CA-scribe
verify error:num=19:self signed certificate in certificate chain
verify return:0
DONE
root@seshat:~# openssl s_client -showcerts -connect 192.168.0.31:636 < /dev/null | openssl x509 -noout -text | grep -i signature
depth=1 C = FR, O = Ministere Education Nationale (MENESR), OU = 110 043 015, OU = ac-test, CN = CA-scribe
verify error:num=19:self signed certificate in certificate chain
verify return:0
DONE
Signature Algorithm: sha256WithRSAEncryption
Digital Signature, Non Repudiation, Key Encipherment
Signature Algorithm: sha256WithRSAEncryption
</pre>