This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
TLSAcceptFailure5 (code -5875)
TLSAcceptFailure5 (code -5875)

Version management

Difference between version and

At line 1 added 45 lines
!!! Overview
[ndstrace] showing error code -5875
This error is thrown when the LDAP client doesn't trust the [certificate Issuer] so most likely is an LDAP clients out there querying [EDirectory] but never succeed in building up a connection.
You can either try to puzzle the LDAP trace together to get the source IP or you can just run:
{{{
tcpdump -s0 -w myLDAPpacketTrace.cap -i any port 636
}}}
Open the cap file in wireshark and look for 'Unknown CA'Below is a typical entry seen:
{{{
11 LDAP: [2005/09/17 20:35:26.612] New TLS connection 0xee29a8 from 155.180.166.76:2482, monitor = 0x17, index = 9
23 LDAP: [2005/09/17 20:35:26.612] Monitor 0x17 initiating TLS handshake on connection 0xee29a8
11091 LDAP: [2005/09/17 20:35:26.612] (155.180.166.76:2482)(0x0000:0x00) DoTLSHandshake on connection 0xee29a8
11091 LDAP: [2005/09/17 20:35:26.848] (155.180.166.76:2482)(0x0000:0x00) Completed TLS handshake on connection 0xee29a8
11091 LDAP: [2005/09/17 20:35:26.850] (155.180.166.76:2482)(0x1021:0x60) DoBind on connection 0xee29a8
11091 LDAP: [2005/09/17 20:35:26.850] (155.180.166.76:2482)(0x1021:0x60) Bind name:cn=middlewareAdmin,ou=administration,dc=[Directory-Info.com],dc=net, version:3, authentication:simple
11091 LDAP: [2005/09/17 20:35:26.851] (155.180.166.76:2482)(0x1021:0x60) Sending operation result 0:"":"" to connection 0xee29a8
10930 LDAP: [2005/09/17 20:35:26.853] (155.180.166.76:2482)(0x1022:0x63) DoSearch on connection 0xee29a8
10930 LDAP: [2005/09/17 20:35:26.853] (155.180.166.76:2482)(0x1022:0x63) Search request:
base: "ou=people,dc=[Directory-Info.com],dc=net"
scope:0 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectClass=*)"
attribute: "objectClass"
10930 LDAP: [2005/09/17 20:35:26.855] (155.180.166.76:2482)(0x1022:0x63) Sending search result entry "ou=people,dc=[Directory-Info.com],dc=net" to connection 0xee29a8
10930 LDAP: [2005/09/17 20:35:26.855] (155.180.166.76:2482)(0x1022:0x63) Sending operation result 0:"":"" to connection 0xee29a8
11101 LDAP: [2005/09/17 20:35:26.857] (155.180.166.76:2482)(0x1023:0x63) DoSearch on connection 0xee29a8
11101 LDAP: [2005/09/17 20:35:26.857] (155.180.166.76:2482)(0x1023:0x63) Search request:
base: "ou=people,dc=[Directory-Info.com],dc=net"
scope:1 dereference:0 sizelimit:100 timelimit:10 attrsonly:0
filter: "(uid=U305870)"
attribute: "uid"
11101 LDAP: [2005/09/17 20:35:26.861] (155.180.166.76:2482)(0x1023:0x63) Sending search result entry "uid=U305870,ou=People,dc=[Directory-Info.com],dc=net" to connection 0xee29a8
11101 LDAP: [2005/09/17 20:35:26.861] (155.180.166.76:2482)(0x1023:0x63) Sending operation result 0:"":"" to connection 0xee29a8
23 LDAP: [2005/09/17 20:35:26.863] (155.180.166.76:2482)(0x0000:0x00) TLS read failure 5 on connection 0xee29a8, setting err = -5875. Error stack:
23 LDAP: [2005/09/17 20:35:26.863] Monitor 0x17 found connection 0xee29a8 socket failure, err = -5875, 0 of 0 bytes read
11057 LDAP: [2005/09/17 20:35:26.863] (155.180.166.76:2482)(0x1024:0x42) DoUnbind on connection 0xee29a8
11057 LDAP: [2005/09/17 20:35:26.867] Connection 0xee29a8 closed
}}}
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop