Brian,

Thank you for the inputs. I tried without the client parameter and noticed "unknown protocol". I am not sure which "protocol" to use in stunnel.conf in my case.

Commented out client = yes

Restarted the stunnel process.

ocm5-197-196:~ # dfm ldap find user1
Warning: Failed to bind to ldap server '127.0.0.1' as user 'CN=Administrator,CN=Users,DC=core,DC=dir,DC=telstra,DC=com': Can't contact LDAP server
Error: Failed to search for user1.

ocm5-197-196:~ # cat /root/stunnel.log
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Clients allowed=500
2013.01.02 19:31:43 LOG5[18156:46934667927072]: stunnel 4.54 on x86_64-unknown-linux-gnu platform
2013.01.02 19:31:43 LOG5[18156:46934667927072]: Compiled/running with OpenSSL 0.9.8a 11 Oct 2005
2013.01.02 19:31:43 LOG5[18156:46934667927072]: Threading:PTHREAD SSL:+ENGINE Auth:none Sockets:POLL+IPv6
2013.01.02 19:31:43 LOG5[18156:46934667927072]: Reading configuration from file /root/stunnel-4.54/tools/stunnel.conf
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Compression not enabled
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Snagged 64 random bytes from /root/.rnd
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Wrote 1024 new random bytes to /root/.rnd
2013.01.02 19:31:43 LOG7[18156:46934667927072]: PRNG seeded successfully
2013.01.02 19:31:43 LOG6[18156:46934667927072]: Initializing service [ldap]
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Certificate: /opt/crt_key.pem
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Certificate loaded
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Key file: /opt/crt_key.pem
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Private key loaded
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Loaded verify certificates from /opt/crt_key.pem
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Loaded /opt/crt_key.pem revocation lookup file
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Could not load DH parameters from /opt/crt_key.pem
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Using hardcoded DH parameters
2013.01.02 19:31:43 LOG7[18156:46934667927072]: DH initialized with 2048-bit key
2013.01.02 19:31:43 LOG7[18156:46934667927072]: ECDH initialized with curve prime256v1
2013.01.02 19:31:43 LOG7[18156:46934667927072]: SSL options set: 0x01000004
2013.01.02 19:31:43 LOG6[18156:46934667927072]: Initializing service [ldap-ha]
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Certificate: /opt/crt_key.pem
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Certificate loaded
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Key file: /opt/crt_key.pem
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Private key loaded
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Loaded verify certificates from /opt/crt_key.pem
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Loaded /opt/crt_key.pem revocation lookup file
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Could not load DH parameters from /opt/crt_key.pem
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Using hardcoded DH parameters
2013.01.02 19:31:43 LOG7[18156:46934667927072]: DH initialized with 2048-bit key
2013.01.02 19:31:43 LOG7[18156:46934667927072]: ECDH initialized with curve prime256v1
2013.01.02 19:31:43 LOG7[18156:46934667927072]: SSL options set: 0x01000004
2013.01.02 19:31:43 LOG5[18156:46934667927072]: Configuration successful
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Service [ldap] (FD=7) bound to 0.0.0.0:389
2013.01.02 19:31:43 LOG7[18156:46934667927072]: Service [ldap-ha] (FD=8) bound to 0.0.0.0:8389
2013.01.02 19:31:43 LOG7[18157:46934667927072]: Created pid file /var/run/stunnel.pid
2013.01.02 19:32:02 LOG7[18157:46934667927072]: Service [ldap] accepted (FD=3) from 127.0.0.1:39760
2013.01.02 19:32:02 LOG7[18157:1073809728]: Service [ldap] started
2013.01.02 19:32:02 LOG5[18157:1073809728]: Service [ldap] accepted connection from 127.0.0.1:39760
2013.01.02 19:32:02 LOG7[18157:1073809728]: SSL state (accept): before/accept initialization
2013.01.02 19:32:02 LOG3[18157:1073809728]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol   <----------
2013.01.02 19:32:02 LOG5[18157:1073809728]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2013.01.02 19:32:02 LOG7[18157:1073809728]: Local socket (FD=3) closed
2013.01.02 19:32:02 LOG7[18157:1073809728]: Service [ldap] finished (0 left)

Appreciate your help.

Warm Regards,
Arun kumar c
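
Added example (not code from the thread or from stunnel itself): the two failures logged above differ in which side sends TLS first. With "client = yes" stunnel expects plaintext LDAP from dfm on 127.0.0.1:389 and opens TLS towards the DC on 636; without it stunnel calls SSL_accept on the 389 listener and expects a TLS ClientHello, so the BER bytes of dfm's LDAP BindRequest are exactly what OpenSSL reports as "SSL23_GET_CLIENT_HELLO:unknown protocol". The snippet below builds a constructed BindRequest and a constructed ClientHello prefix, classifies the first bytes the way a listener would see them, and maps that to the stunnel role that is needed. The bind DN and password are invented sample values.

```python
# Added example (not from the thread): classify the first bytes a listener
# receives so the two failure modes can be told apart offline.
# Sample inputs are constructed, not captured from the poster's systems.

def ber_len(n: int) -> bytes:
    """BER length octets, short form (< 128) or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber(tag: int, payload: bytes) -> bytes:
    """One BER TLV (tag, length, value)."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def ldap_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPv3 simple BindRequest (RFC 4511 section 4.2): the first PDU an LDAP
    client such as dfm sends after the TCP connect."""
    bind = ber(0x60,                                 # [APPLICATION 0] BindRequest
               ber(0x02, bytes([3]))                 # version INTEGER 3
               + ber(0x04, dn.encode())              # name LDAPDN
               + ber(0x80, password.encode()))       # authentication simple [0]
    return ber(0x30, ber(0x02, bytes([msg_id])) + bind)  # LDAPMessage SEQUENCE


def tls_client_hello_prefix(version=(3, 1)) -> bytes:
    """TLS record header plus handshake header of a ClientHello. The hello body
    is zero filler (constructed): only the headers matter for classification."""
    body = bytes(8)
    handshake = bytes([0x01]) + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    record = bytes([0x16, version[0], version[1]]) + len(handshake).to_bytes(2, "big")
    return record + handshake


def classify_first_bytes(data: bytes) -> str:
    """Name the protocol the first bytes on an accepted socket belong to."""
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"         # handshake record, SSLv3/TLS major version, ClientHello
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"       # SSLv2-compatible hello: 2-byte length, high bit set
    if len(data) >= 2 and data[0] == 0x30:
        return "ldap-plaintext"           # BER SEQUENCE: an unencrypted LDAPMessage
    return "unknown"


def stunnel_mode_for(local_peer_bytes: bytes) -> str:
    """Which role stunnel must take towards the side that sent these bytes.
    Plaintext from the application means stunnel must add TLS on the way out
    ("client = yes"); a TLS hello means stunnel must terminate it (server mode)."""
    kind = classify_first_bytes(local_peer_bytes)
    if kind == "ldap-plaintext":
        return "client"
    if kind in ("tls-client-hello", "sslv2-client-hello"):
        return "server"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample: what dfm sends to 127.0.0.1:389 (a plaintext bind).
    bind = ldap_bind_request(1, "CN=svc-dfm,CN=Users,DC=example,DC=com", "constructed-secret")
    print(bind[:8].hex(), classify_first_bytes(bind), stunnel_mode_for(bind))
    # Constructed sample: what a TLS peer would send instead.
    hello = tls_client_hello_prefix()
    print(hello[:8].hex(), classify_first_bytes(hello), stunnel_mode_for(hello))
```

Running it prints "ldap-plaintext client" for the bind and "tls-client-hello server" for the hello: the local dfm side sends plaintext, so the instance in front of it has to be the TLS client, and the "unknown protocol" line is the expected result of pointing a server-mode listener at it.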

On Wed, Jan 2, 2013 at 7:29 PM, Brian Wilkins <bwilkins@gmail.com> wrote:
It thinks your server is a client. Remove client = yes. You need to have a client instance of stunnel and a server instance of stunnel. I am not too keen on LDAP, but I assume it is unencrypted, so use stunnel to tunnel the traffic and then it gets down-selected to unencrypted on the receiving end.

Brian


On Wednesday, January 2, 2013, Arun Kumar wrote:
Team,

I am configuring stunnel for the first time.
My requirement:     "NetApp DataFabricManager" application on SLES10 SP4 platform  <------  (LDAP over Stunnel) -----> Windows 2003 Active Directory, for Active Directory user authentication.


Stunnel.conf:
-----------------------------------------------------------
setuid = root
setgid = root

client = yes

debug = 7
output = /root/stunnel.log

cert = /opt/crt_key.pem
key = /opt/crt_key.pem

pid = /var/run/stunnel.pid

verify = 3
CAfile = /opt/crt_key.pem

options = NO_SSLv2

[ldap]
accept = 389
connect = winad1-197-187:636

[ldap-ha]
accept = 8389
connect = winad2-197-189:636
-----------------------------------------------------------

ocm5-197-196:~ # dfm ldap list
Address                                    Port   Last Use                   Last Failure
------------------------------------------ ------ -------------------------- --------------------------
127.0.0.1                                  389    2013-01-02 14:01:52.000000
127.0.0.1                                  8389   2013-01-02 13:49:35.000000
ocm5-197-196:~ #


ocm5-197-196:~ # dfm ldap find user1
Warning: Failed to bind to ldap server '127.0.0.1' as user 'CN=Administrator,CN=Users,DC=<zz>,DC=<xx>,DC=<yy>,DC=com': Can't contact LDAP server
Error: Failed to search for user1.
ocm5-197-196:~ #

NOTE: If I add the Active Directory server IP in the above list, instead of 127.0.0.1, LDAP authentication works fine.

ocm5-197-196:~ # cat /etc/services
...
.....
........
#### This is a Manual Entry made by root user for AD authentication services & Stunnel Integration ########
ldap-ha         8389/tcp    # 2nd LDAP host for DC redundancy [Redirected to 2nd DC by Stunnel, see /etc/stunnel/stunnel.conf]
ldap-ha         8389/udp    # 2nd LDAP host for DC redundancy [Redirected to 2nd DC by Stunnel, see /etc/stunnel/stunnel.conf]


ocm5-197-196:~ # stunnel /root/stunnel-4.54/tools/stunnel.conf


stunnel.log:

2013.01.02 14:00:42 LOG7[7102:47010476379680]: Clients allowed=500
2013.01.02 14:00:42 LOG5[7102:47010476379680]: stunnel 4.54 on x86_64-unknown-linux-gnu platform
2013.01.02 14:00:42 LOG5[7102:47010476379680]: Compiled/running with OpenSSL 0.9.8a 11 Oct 2005
2013.01.02 14:00:42 LOG5[7102:47010476379680]: Threading:PTHREAD SSL:+ENGINE Auth:none Sockets:POLL+IPv6
2013.01.02 14:00:42 LOG5[7102:47010476379680]: Reading configuration from file /root/stunnel-4.54/tools/stunnel.conf
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Compression not enabled
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Snagged 64 random bytes from /root/.rnd
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Wrote 1024 new random bytes to /root/.rnd
2013.01.02 14:00:42 LOG7[7102:47010476379680]: PRNG seeded successfully
2013.01.02 14:00:42 LOG6[7102:47010476379680]: Initializing service [ldap]
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Certificate: /opt/crt_key.pem
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Certificate loaded
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Key file: /opt/crt_key.pem
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Private key loaded
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Loaded verify certificates from /opt/crt_key.pem
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Loaded /opt/crt_key.pem revocation lookup file
2013.01.02 14:00:42 LOG7[7102:47010476379680]: SSL options set: 0x01000004
2013.01.02 14:00:42 LOG6[7102:47010476379680]: Initializing service [ldap-ha]
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Certificate: /opt/crt_key.pem
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Certificate loaded
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Key file: /opt/crt_key.pem
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Private key loaded
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Loaded verify certificates from /opt/crt_key.pem
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Loaded /opt/crt_key.pem revocation lookup file
2013.01.02 14:00:42 LOG7[7102:47010476379680]: SSL options set: 0x01000004
2013.01.02 14:00:42 LOG5[7102:47010476379680]: Configuration successful
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Service [ldap] (FD=7) bound to 0.0.0.0:389
2013.01.02 14:00:42 LOG7[7102:47010476379680]: Service [ldap-ha] (FD=8) bound to 0.0.0.0:8389
2013.01.02 14:00:42 LOG7[7103:47010476379680]: Created pid file /var/run/stunnel.pid
2013.01.02 14:01:52 LOG7[7103:47010476379680]: Service [ldap] accepted (FD=3) from 127.0.0.1:60332
2013.01.02 14:01:52 LOG7[7103:1073809728]: Service [ldap] started
2013.01.02 14:01:52 LOG5[7103:1073809728]: Service [ldap] accepted connection from 127.0.0.1:60332
2013.01.02 14:01:52 LOG6[7103:1073809728]: connect_blocking: connecting 192.168.10.7:636
2013.01.02 14:01:52 LOG7[7103:1073809728]: connect_blocking: s_poll_wait 192.168.10.7:636: waiting 10 seconds
2013.01.02 14:01:52 LOG5[7103:1073809728]: connect_blocking: connected 192.168.10.7:636
2013.01.02 14:01:52 LOG5[7103:1073809728]: Service [ldap] connected remote server from 192.168.10.1:40664
2013.01.02 14:01:52 LOG7[7103:1073809728]: Remote socket (FD=10) initialized
2013.01.02 14:01:52 LOG7[7103:1073809728]: SSL state (connect): before/connect initialization
2013.01.02 14:01:52 LOG7[7103:1073809728]: SSL state (connect): SSLv3 write client hello A
2013.01.02 14:01:52 LOG3[7103:1073809728]: SSL_connect: Peer suddenly disconnected                                              <------------------
2013.01.02 14:01:52 LOG5[7103:1073809728]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2013.01.02 14:01:52 LOG7[7103:1073809728]: Remote socket (FD=10) closed
2013.01.02 14:01:52 LOG7[7103:1073809728]: Local socket (FD=3) closed
2013.01.02 14:01:52 LOG7[7103:1073809728]: Service [ldap] finished (0 left)


I initially started with stunnel-4.14, available with the SLES10 GA OS media, and noticed the peer disconnected issue.
I went through the stunnel mailing list archive for related issues, but didn't get much help.
Finally upgraded stunnel to v4.54, with no progress.

Google hits mentioned that it's a configuration issue / the client is not accepting sockets, but finally no clue how to proceed.

Kindly assist with "SSL_connect: Peer suddenly disconnected" and getting the SSL handshake to work.

Warm Regards,
Arun 
UNIX admin
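
Added example (not the poster's file and not from the stunnel project): a stunnel 4.x configuration for the setup described in the original post, with the local LDAP application talking plaintext to loopback and stunnel acting as the TLS client towards the LDAPS port of each DC. The CA file path, the unprivileged user and group, and the log path are assumptions. The original config has three things worth changing regardless of the handshake error: accept = 389 binds 0.0.0.0, which exposes a plaintext-LDAP relay to the whole network; verify = 3 with CAfile pointing at stunnel's own cert/key file would reject the DC's certificate as soon as a handshake got that far; and the whole thing runs as root. No protocol= line is needed for LDAPS on 636, where TLS starts immediately; that option is for STARTTLS-style negotiation.

```ini
; Added example, not the poster's stunnel.conf. Paths, account names and
; host names are assumptions for illustration.

; Drop privileges once the listeners are bound (stunnel binds its accept=
; ports before switching user, so binding 389 still works).
setuid = stunnel
setgid = stunnel
pid    = /var/run/stunnel.pid

debug  = 7
output = /var/log/stunnel.log

; stunnel is the TLS client here: accept plaintext locally, speak TLS to the DC.
client = yes

; Verify the DC's certificate against the CA that issued it.
; verify = 2 checks the chain against CAfile; the CA file must hold the
; issuing CA (and any intermediates), not stunnel's own certificate.
verify = 2
CAfile = /opt/ad-issuing-ca.pem

; cert= / key= are only required if the DC demands a client certificate,
; so they are omitted in this client-mode instance.

; Offer TLS 1.0 rather than the SSLv3 hello seen in the log; the DC decides
; what it accepts.
sslVersion = TLSv1
options = NO_SSLv2

; Loopback only: with a bare "accept = 389" the service binds 0.0.0.0 and
; any host on the network can use this box as a plaintext-to-LDAPS relay.
[ldap]
accept  = 127.0.0.1:389
connect = winad1-197-187:636

[ldap-ha]
accept  = 127.0.0.1:8389
connect = winad2-197-189:636
```

Before touching stunnel, confirm that the DC actually serves LDAPS: `openssl s_client -connect winad1-197-187:636 -showcerts` should print the DC's certificate chain. A domain controller with no server certificate enrolled commonly keeps port 636 open but closes the connection during the handshake, which looks exactly like "SSL_connect: Peer suddenly disconnected" from the stunnel side; the fact that plain LDAP to the DC's IP works says nothing about 636. Also consider binding as a dedicated read-only service account instead of CN=Administrator, since that password now sits in dfm's configuration on the SLES host.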