[gnutls-help] issue with Windows 2008r2 Ldap
Hilitec
andre at liechti.net
Mon Dec 28 11:03:35 CET 2015
Seyeong Kim <seyeong.kim <at> canonical.com> writes:
>
> Hello
>
> I have an issue with gnutls (maybe not) and Windows 2008r2 LDAP
>
> When I tried to ldapsearch against Windows LDAP, I got the message below
>
> TLS: can't connect: A TLS packet with unexpected length was received..
>
> there are two AD, 2008r2, 2012r2 and I could only see this error on 2012r2 + ubuntu 14.xx combination
>
> I checked gnutls version
>
> libgnutls26 | 2.12.23-12ubuntu2.3
>
> libgnutls-deb0-28 | 3.3.8-3ubuntu3 | vivid
>
> Are there any commits I can refer to for this issue?
>
> I know there are large differences between the two versions, so I need some advice.
>
> Thanks
>
Hello,
GnuTLS and SChannel (Microsoft) implementations are not (yet) compatible for
TLS 1.2 negotiation during AD/LDAPS binding.
The trick is to disable TLS1.2 for OpenLDAP like this:
export LDAPTLS_CIPHER_SUITE='NORMAL:!VERS-TLS1.2'
If you are binding AD/LDAP from PHP, you can do something like this:
putenv('LDAPTLS_CIPHER_SUITE=NORMAL:!VERS-TLS1.2');
Hope it helps
Best regards,
Andre