
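Does anyone have experience with LDAP over SSL? The same certificate, userid and password work fine on Windows but fail on Solaris. Why?

With the same certificate, userid and password, testing ldapssl_client_init and the related functions on Windows all succeeds, and the program correctly returns data from the remote server.
But when testing on Solaris, the very first initialization function fails: ldapssl_client_init always returns -1.
PR_GetError() returns -8174 as the last error code, and ldap_err2string() returns the error message "Security library: bad database" for it.
Although I don't think PR_GetError() necessarily returned the corresponding error code, I really have no other option, because there is no other information that explains why ldapssl_client_init() failed.
Can anyone help me? I know there are many experts here, haha. It's urgent, my boss is watching. The trimmed-down program on Solaris and its output follow.

(Also:
1. According to our boss, who provided the certificate, userid and password, these were all obtained on Linux and they work on Windows now too, so there is no reason they shouldn't work on Solaris. The server is Princeton's, ldap.princeton.edu
2. ldapssl_clientauth_init() also fails, but on Windows, using it in place of ldapssl_client_init() works without any problem.
3. Permissions shouldn't be the problem; I tested as the root user on Solaris. Next time I will try PR_ErrorToString().)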


bash-2.03# cat tst.c
#include <stdio.h>
#include "examples.h"
#include "ldap_ssl.h"
#include "ldappr.h"
#include "prerror.h"

#define MY_CERTDB_PATH "/usr/local/config/cert8.db"
#define MY_KEY3DB_PATH "/usr/local/config/key3.db"

int main( int argc, char **argv )
{
    int iRet;
    PRErrorCode err;
    PRErrorCode errOS;

    /* First attempt: capture the NSPR error state left behind by the call. */
    iRet=ldapssl_client_init( MY_CERTDB_PATH, NULL );
    err = PR_GetError();
    errOS = PR_GetOSError();

    printf("Initialize the err number: err = 0x%08x, %ld, errOS = 0x%08x, %ld\n",
        (unsigned)err, (long)err, (unsigned)errOS, (long)errOS);

    /* Clear the error state and confirm that it reads back as zero. */
    PR_SetError(0, 0);
    err = PR_GetError();
    errOS = PR_GetOSError();

    printf("Initialize the err number: err = 0x%08x, %ld, errOS = 0x%08x, %ld\n",
        (unsigned)err, (long)err, (unsigned)errOS, (long)errOS);

    /* Second attempt: print the return value, the NSPR error and the OS error
       through both err2string helpers. */
    iRet=ldapssl_client_init( MY_CERTDB_PATH, NULL );
    if ( iRet < 0 ) {
        err = PR_GetError();
        errOS = PR_GetOSError();
        printf("err = 0x%08x, %ld, errOS = 0x%08x, %ld\n",
            (unsigned)err, (long)err, (unsigned)errOS, (long)errOS);
        printf("ldapssl_client_init failed, return %d, [%s], [%s]\n",
            iRet, ldap_err2string(iRet), ldapssl_err2string(iRet));
        printf("ldapssl_client_init failed, return %d, [%s], [%s]\n",
            iRet, ldap_err2string(err), ldapssl_err2string(err));
        printf("ldapssl_client_init failed, OS error, return %d, [%s], [%s]\n",
            iRet, ldap_err2string(errOS), ldapssl_err2string(errOS));
    }
    else
        printf("ldapssl_client_init okay.\n");

    /* Same check for the client-authentication variant (cert and key databases). */
    iRet=ldapssl_clientauth_init( MY_CERTDB_PATH, NULL , 1, MY_KEY3DB_PATH, NULL);
    if ( iRet < 0 )
        printf("ldapssl_clientauth_init failed, return %d, [%s], [%s]\n",
            iRet, ldap_err2string(iRet), ldapssl_err2string(iRet));
    else
        printf("ldapssl_clientauth_init okay.\n");

    return( 0 );
}

bash-2.03# ./tst
Initialize the err number: err = 0xffffe012, -8174, errOS = 0x00000000, 0
Initialize the err number: err = 0x00000000, 0, errOS = 0x00000000, 0
err = 0xffffe012, -8174, errOS = 0x00000000, 0
ldapssl_client_init failed, return -1, [Unknown error], [unknown]
ldapssl_client_init failed, return -1, [Unknown error], [security library: bad database.]
ldapssl_client_init failed, OS error, return -1, [Success], [unknown]
ldapssl_clientauth_init failed, return -1, [Unknown error], [unknown]
bash-2.03#
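
Added example (not part of the original post or of the Mozilla LDAP SDK): a stand-alone decoder for the values printed above, showing that 0xffffe012 is -8174, which falls in the NSS "SEC" error range at offset 18, SEC_ERROR_BAD_DATABASE, while the -1 return value is only a status flag. The range bases and names follow the NSPR/NSS headers (prerr.h, secerr.h, sslerr.h); the range width `SPAN` and the function names are assumptions made for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
/* Range bases as defined in prerr.h, secerr.h and sslerr.h. */
#define NSPR_BASE (-6000L)
#define SEC_BASE  (-0x2000L)   /* -8192  */
#define SSL_BASE  (-0x3000L)   /* -12288 */
#define SPAN      1000L        /* assumed upper bound on codes per range */

/* First 19 entries of secerr.h, indexed by offset from SEC_ERROR_BASE. */
static const char *const sec_names[] = {
    "SEC_ERROR_IO", "SEC_ERROR_LIBRARY_FAILURE", "SEC_ERROR_BAD_DATA",
    "SEC_ERROR_OUTPUT_LEN", "SEC_ERROR_INPUT_LEN", "SEC_ERROR_INVALID_ARGS",
    "SEC_ERROR_INVALID_ALGORITHM", "SEC_ERROR_INVALID_AVA",
    "SEC_ERROR_INVALID_TIME", "SEC_ERROR_BAD_DER", "SEC_ERROR_BAD_SIGNATURE",
    "SEC_ERROR_EXPIRED_CERTIFICATE", "SEC_ERROR_REVOKED_CERTIFICATE",
    "SEC_ERROR_UNKNOWN_ISSUER", "SEC_ERROR_BAD_KEY", "SEC_ERROR_BAD_PASSWORD",
    "SEC_ERROR_RETRY_PASSWORD", "SEC_ERROR_NO_NODELOCK",
    "SEC_ERROR_BAD_DATABASE" };

/* Name the error family of a PR_GetError() value and describe it in buf.
   Returns NULL for values (such as the API's -1 status) outside all ranges. */
const char *decode_pr_error(long code, char *buf, size_t len)
{
    const char *family = NULL, *name = "name not in this table";
    long off = 0;
    if (code >= SSL_BASE && code < SSL_BASE + SPAN) { family = "SSL"; off = code - SSL_BASE; }
    else if (code >= NSPR_BASE && code < NSPR_BASE + SPAN) { family = "NSPR"; off = code - NSPR_BASE; }
    else if (code >= SEC_BASE && code < SEC_BASE + SPAN) {
        family = "SEC"; off = code - SEC_BASE;
        if (off < (long)(sizeof sec_names / sizeof sec_names[0])) name = sec_names[off];
    }
    if (family) snprintf(buf, len, "%s base%+ld: %s", family, off, name);
    else snprintf(buf, len, "%ld is not an NSPR/NSS error code", code);
    return family;
}

/* Recover the signed code from the 32-bit hex form printed by "%08x". */
long code_from_hex32(const char *hex)
{
    return (long)(int32_t)(uint32_t)strtoul(hex, NULL, 16);
}

int main(void)
{
    char buf[96];
    decode_pr_error(code_from_hex32("0xffffe012"), buf, sizeof buf); puts(buf);
    decode_pr_error(-1, buf, sizeof buf); puts(buf);
    return 0;
}
```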

Replies, comments and Discussions:

    • Up, up, this is urgent. Or could someone recommend a better LDAP forum?
      • You're asking such a specialized question here?
        What is your ldap server (OS, software)?
        What is your ldap client?

        Solaris might just not support ldap over ssl. Did you try Simple Bind? Is it working?
        I will try to see if I can find anything for you.
        • Good point. I never doubt that might be impossible. The ldap server should be Sun E220, I forget what the software is. I will try the simple one tomorrow. Thanks anyway.
        • I just remembered the Simple LDAP works okay.
    • Do you have the source code for ldapssl_client_init?
      • sorry. Do you?
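    • I re-downloaded the relevant Mozilla LDAP packages from CVS and rebuilt a new, unified library on Solaris 8 SPARC, and the program finally works completely. I ran into a lot of trouble while compiling, but fortunately I was able to solve each problem. Thanks, everyone, for your attention!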