[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Couldn't start TLS

To: Fábio Gomes <flgomes@fazenda.sp.gov.br>
Subject: Re: Couldn't start TLS
From: Adam Shand <larry@spack.org>
Date: Fri, 9 Feb 2001 11:57:36 -0800 (PST)
Cc: <openldap-software@OpenLDAP.org>
In-reply-to: <3A842D01.6A7AB23A@fazenda.sp.gov.br>

> I have intalled a OpenLDAP with SSL support. Basically to use
> ldapmodify to change passwords in the Windows 2000 Active Directory.
> But when I type something like: ldapmodify -D "binddn" -W -b
> "dc=domain" -Z cn=user , the program send me a message saying that
> "WARNING: could not start TLS".

have you created a certificate for your ldap server?  there are some good
messages in the list archives and a faq in the faq-o-matic on the openldap
site.

from what i've read it looks like you need to generate key for a
certificate authority and then sign a second key with that and show both
to openldap.  i don't understand why yet and haven't made it work yet but
that appears to be what is required.

from the faq:
http://www.openldap.org/faq/data/cache/185.html

from the list archives (read through the entire threads)
http://www.openldap.org/lists/openldap-devel/199908/msg00039.html
http://www.openldap.org/lists/openldap-devel/200006/msg00107.html

adam.

References:
- Couldn't start TLS
  - From: Fábio Gomes <flgomes@fazenda.sp.gov.br>

Prev by Date: Re: Getting started
Next by Date: sourcecode path
Index(es):
- Chronological
- Thread