Yes, I can <br><br><div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> %> /opt/csw/bin/openssl s_client -connect ldaphost:636 -showcerts
</blockquote><div><br>
-bash-3.00# /opt/csw/bin/openssl s_client -connect 100.0.4.98:636 -showcerts<br>
CONNECTED(00000003)<br>
depth=1 /C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado<br>
CA/emailAddress=<a href="mailto:postmaster@prueba.uy">postmaster@prueba.uy</a><br>
verify error:num=19:self signed certificate in certificate chain<br>
verify return:0<br>
---<br>
Certificate chain<br>
0 s:/DC=prueba.uy/OU=Informatica/CN=nadia.prueba.uy<br>
i:/C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado<br>
CA/emailAddress=<a href="mailto:postmaster@prueba.uy">postmaster@prueba.uy</a><br>
-----BEGIN CERTIFICATE-----<br>
MIIDiDCCAnCgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCVVkx<br>
:<br>
:<br>
HhvqouYR7L9wjZxzlpQ5mDJPPTm6zeK9ENRzZkDLERcnJtu8ZnNAsk5UiM=<br>
-----END CERTIFICATE-----<br>
1 s:/C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado<br>
CA/emailAddress=<a href="mailto:postmaster@prueba.uy">postmaster@prueba.uy</a><br>
i:/C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado<br>
CA/emailAddress=<a href="mailto:postmaster@prueba.uy">postmaster@prueba.uy</a><br>
-----BEGIN CERTIFICATE-----<br>
MIIErDCCA5SgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmjELMAkGA1UEBhMCVVkx<br>
:<br>
:<br>
Xn9+rEhj2SzBIJHeE9KeB5dvZKKfakVY0aCbKPj+oQ/2oDcjQd+eP+T78J4zu/4d<br>
-----END CERTIFICATE-----<br>
---<br>
Server certificate<br>
subject=/DC=prueba.uy/OU=Informatica/CN=nadia.prueba.uy<br>
issuer=/C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado<br>
CA/emailAddress=<a href="mailto:postmaster@prueba.uy">postmaster@prueba.uy</a><br>
---<br>
Acceptable client certificate CA names<br>
/C=UY/ST=Montevideo/L=Montevideo/O=YO/OU=Informatica/CN=Certificado<br>
CA/emailAddress=<a href="mailto:postmaster@prueba.uy">postmaster@prueba.uy</a><br>
---<br>
SSL handshake has read 2415 bytes and written 446 bytes<br>
---<br>
New, TLSv1/SSLv3, Cipher is RC4-MD5<br>
Server public key is 2048 bit<br>
Compression: NONE<br>
Expansion: NONE<br>
SSL-Session:<br>
Protocol : TLSv1<br>
Cipher : RC4-MD5<br>
Session-ID: 0894828FC87CBD59EF5AB9B548CA2D19ED317E79AA9A18E414CBE099B8A32C7D<br>
Session-ID-ctx:<br>
Master-Key:<br>
C707109EA19D8BACA456BA763D98A2250FE3CF0095A8BB788887CCEA100F46C505805C55D346350E31C33<br>
76FF3E19911<br>
Key-Arg : None<br>
Start Time: 1179921885<br>
Timeout : 300 (sec)<br>
Verify return code: 19 (self signed certificate in certificate chain)<br>
---<br>
^C<br>
<br>
</div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> %> /opt/csw/bin/ldapsearch -x -ZZZ -h ldaphost -b "dc=prueba,dc=uy"
<br>"objectclass=*"</blockquote><div><br>
<br>
Here I have a problem: CSW OpenLDAP does not come with an ldapsearch
¿:(? (I couldn't find it), and I can't test on the local machine because
it is Solaris and it uses a native LDAP client (I configured it, but the
Dovecot bind over a secure connection doesn't work), so I can test with the Red
Hat client (ldapsearch)<br>
<br>
[root@maximatt ~]# ldapsearch -x -v -Z -p 389 -h 100.0.4.98 \<br>
> -D "cn=bindmailUsers,cn=mailUsers,dc=prueba,dc=uy" \<br>
> -w passbindmailUsers -b "cn=mailUsers,dc=prueba,dc=uy" "uid=toto1"<br>
ldap_initialize( ldap://100.0.4.98:389 )<br>
filter: uid=toto1<br>
requesting: ALL<br>
# extended LDIF<br>
#<br>
# LDAPv3<br>
# base <cn=mailUsers,dc=prueba,dc=uy> with scope sub<br>
# filter: uid=toto1<br>
# requesting: ALL<br>
#<br>
<br>
# toto1, mailUsers, prueba.uy<br>
dn: uid=toto1, cn=mailUsers,dc=prueba,dc=uy<br>
uid: toto1<br>
givenName: toto1<br>
sn: toto1<br>
cn: toto1<br>
quota: 0<br>
uidNumber: 701<br>
gidNumber: 100<br>
homeDirectory: /export/home/vmail/<br>
mailbox: prueba.uy/toto1/<br>
objectClass: top<br>
objectClass: person<br>
objectClass: organizationalPerson<br>
objectClass: inetorgperson<br>
objectClass: shadowaccount<br>
objectClass: posixaccount<br>
objectClass: mailaccount<br>
mailHost: prueba.uy<br>
disablesmtp: FALSE<br>
mail: <a href="mailto:toto1@prueba.uy">toto1@prueba.uy</a><br>
disableimap: FALSE<br>
userPassword:: e2NyeXB0fWVLM2tKa2RZN3FBMnM=<br>
<br>
# search result<br>
search: 3<br>
result: 0 Success<br>
<br>
# numResponses: 2<br>
# numEntries: 1<br>
</div></div><br>
<br>
I tested the connections with a sniffer too (snoop and ethereal) and they are encrypted.<br>
<br>
Regards ;)
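
Added example, not part of the original message: a shell check that reads an `openssl s_client` transcript like the one above and reports the verification result, protocol and cipher, because s_client completes the handshake even when chain verification fails. The function names and the abbreviated sample transcript (built from the values shown above) are constructed for this illustration.

```shell
#!/usr/bin/env bash
# Added example: summarise an `openssl s_client` transcript.

# Constructed sample, abbreviated from the output quoted in the message.
sample_transcript() {
cat <<'EOF'
CONNECTED(00000003)
verify error:num=19:self signed certificate in certificate chain
verify return:0
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Verify return code: 19 (self signed certificate in certificate chain)
EOF
}

# Reads a transcript on stdin, prints one line per finding,
# and returns non-zero if anything needs attention.
check_s_client() {
  awk '
    /Verify return code:/    { code = $4 }      # e.g. "19" or "0"
    /^[ \t]*Protocol[ \t]*:/ { proto = $NF }    # negotiated protocol
    /^[ \t]*Cipher[ \t]*:/   { cipher = $NF }   # negotiated cipher suite
    END {
      bad = 0
      # Code 19: the chain ends in a self-signed root that is not in the
      # trust store s_client was given (-CAfile / -CApath).
      if (code == "")       { print "verify=missing NO-RESULT"; bad = 1 }
      else if (code == "0") { print "verify=0 TRUSTED" }
      else                  { print "verify=" code " UNTRUSTED"; bad = 1 }
      # Protocol versions and cipher families that are deprecated today.
      if (proto ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
        print "protocol=" proto " LEGACY"; bad = 1
      }
      if (cipher ~ /RC4|MD5|DES|NULL|EXP/) {
        print "cipher=" cipher " WEAK"; bad = 1
      }
      exit bad
    }'
}

# Stand-alone run over the constructed sample.
sample_transcript | check_s_client || true
```

Re-running s_client with `-CAfile` pointing at the site's CA certificate is what turns the verify code from 19 into 0.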