ldap openldap apacheds

Why does authentication fail with a StartTLS connection in Apache Directory Studio?


Working environment: OpenLDAP on Rocky Linux 8.5 (VM)

Problems: I installed OpenLDAP on a Rocky Linux VM and issued a self-signed certificate with OpenSSL. (The installation guide I followed is here.)

I tested the StartTLS connection on Rocky Linux with the following command and it worked totally fine.

ldapsearch -x -w (password) -H ldap:/// -D cn=admin,dc=ldapmaster,dc=xxxxx,dc=com \
  -b dc=ldapmaster,dc=xxxxx,dc=com -ZZ

But when I try to make a connection with Apache Directory Studio, it fails at the authentication stage with the error message below:

ERR_04169_RESPONSE_QUEUE_EMPTIED The response queue has been emptied, no response was found.

There was no problem with the network parameter check. I can't understand why my connection options work in the Rocky Linux VM but not in ApacheDS.

Any help would be highly appreciated!


Solution

  • It's a bug in the Java LDAP library that Apache Directory Studio uses. Either wait for the next DirStudio release (I believe the problem is already fixed in Git/Svn) or temporarily disable TLSv1.3 support in your LDAP server.


    (Note: Apache Directory Studio is not ApacheDS – that's an LDAP server.)