Address Book + LDAP + SSL Problem

We would like to make the Address Book use our new LDAP service. This seems to work as long as we don't use the SSL option for secure connections to the LDAP server.

As soon as we use SSL (port 636 instead of 389) the connection to the LDAP server fails (the Address Book itself though only displays "No matches found").

When we use third party LDAP Browsers (Jxplorer) or Thunderbird's address book on the same computer everything works perfectly. However, for these programs to work we had to import the CA that was used to sign the certificate on the LDAP server.
Of course we did the same thing for the Apple Keychain. So the CA now is among the X509Anchors. But still it doesn't work with the Apple Address Book and the Console always has an entry like:

ldap starttls: Can't contact LDAP server (-1)
2005-12-15 16:05:52.482 Address Book[22293] [COMPANY-LDAP] Binding to server did not complete successfully: '-1:Can't contact LDAP server'

Any ideas what the problem is or how to debug the problem?

PowerBook G4 Mac OS X (10.4.3)


Posted on Dec 15, 2005 7:23 AM


Jan 13, 2006 7:56 PM in response to LukeNukem

That helps explain why my CommuniGate Pro server never likes Apple Address Book client using SSL. It always gives me an "Error Code=TLS record version is not 3.x" in the logs. Other clients have no trouble connecting over SSL.

The weird thing is that clients can connect if the LDAP server is set in Directory Access. But the LDAP searches done that way are so slow that nobody has the patience to wait for the results.

HOPEFULLY someone at Apple is following this and will finally fix the TLS support in the next update to Address Book.
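The console line "ldap starttls" and the server error "TLS record version is not 3.x" both turn on what a client sends first after connecting. As an added example (not part of the thread and not code from any product mentioned), this Python sketch classifies the opening bytes of a connection as a TLS record, an SSLv2-format hello, or a plaintext LDAP message such as a StartTLS request. The sample byte strings and the function names are constructed for illustration.

```python
import socket

# Added example; all SAMPLE_* byte strings are constructed, not captured traffic.
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)
TLS_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
             0x16: "handshake", 0x17: "application_data"}

SAMPLE_TLS = bytes.fromhex("160301002f0100002b0301")      # TLS 1.0 handshake record
SAMPLE_SSLV2 = bytes.fromhex("802e010301001500000010")    # SSLv2-format ClientHello
SAMPLE_STARTTLS = bytes.fromhex("301d02010177188016") + STARTTLS_OID
SAMPLE_BIND = bytes.fromhex("300c020101600702010304008000")  # anonymous simple bind


def classify_first_bytes(data: bytes) -> str:
    """Label the opening bytes a client sent to an LDAP or LDAPS port."""
    if len(data) < 5:
        return "too short to classify"
    # TLS record header: content type, version major, version minor, length.
    if data[0] in TLS_TYPES:
        if data[1] == 3:
            return f"TLS record ({TLS_TYPES[data[0]]}), version 3.{data[2]}"
        return f"TLS-like record, version {data[1]}.{data[2]} (not 3.x)"
    # SSLv2-format hello: length with high bit set, message type 1, then version.
    if data[0] & 0x80 and data[2] == 0x01:
        return f"SSLv2-format ClientHello offering version {data[3]}.{data[4]}"
    # An LDAPMessage is a BER SEQUENCE (0x30); ExtendedRequest carries tag 0x77.
    if data[0] == 0x30:
        if b"\x77" in data[:12] and STARTTLS_OID in data:
            return "plaintext LDAP StartTLS request"
        return "plaintext LDAP message"
    return "unknown protocol"


def capture_first_bytes(port: int, host: str = "127.0.0.1") -> bytes:
    """Accept one connection on a local test port and return what the client sends."""
    with socket.create_server((host, port)) as srv:
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(5)
            try:
                return conn.recv(64)
            except socket.timeout:
                return b""


if __name__ == "__main__":
    for name in ("SAMPLE_TLS", "SAMPLE_SSLV2", "SAMPLE_STARTTLS", "SAMPLE_BIND"):
        print(name, "->", classify_first_bytes(globals()[name]))
```

Pointing a client at `capture_first_bytes` on a spare local port and passing the result to `classify_first_bytes` shows whether it opens with a TLS handshake or with plaintext LDAP.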

Jan 19, 2006 2:02 AM in response to Andrew Casper

Yes, this may be the same problem.
You led me to a new approach. I didn't know that one could use Directory Access for the Address Book as well. And indeed, when I configure the LDAP server via Directory Access, the Address Book seems to work.

However, as you mention, the bad news is that the queries are intolerably slow (about 15 seconds...).

I also would appreciate a bug fix of the Address Book 🙂

May 2, 2006 2:23 AM in response to Anthony Vitelli

This thread seems to be dead ... but I post anyway:

I got the same "Can't connect" issue ... with JXplorer and Thunderbird it works perfectly?

My LDAP server has a slightly newer version than my PowerBook; is it possible that this causes the problem? (Server 2.2.28 - Mac 2.2.19, I think)? By the way, I can read the certificate if I connect directly to 636 via openssl!

Can anyone help me with this?!

I really think this should work ... after all, Apple brags about LDAP support on their front pages? And they can't mean only unencrypted LDAP ... who wants to send all his personal info unencrypted over the internets?

"You can also look up contact information in LDAP directories and quickly address an e-mail message, make a call or start a chat."

PowerBook G4 1.5Ghz Mac OS X (10.4.6)
