
Re: Again problems with slurpd



Hi list, hi Peter,

"Peter A. Savitch" wrote:
> 
> As I know, setting `TLS hard' enforces TLS (i.e. no STARTTLS happens).
> It has the same effect as connecting by `ldaps://' URL scheme.
> So, Your slurpd tries to connect to `ldap://' server port 5389 with
> `ldaps://' scheme (it should either try 5636 or set TLS=never with
> 5389).
> 
> You may try to:
> 1) connect to ldaps.hrnet.de:5636 with ldap.conf `TLS=hard'
> 2) set slapd.conf replica `tls=critical', ldap.conf `TLS=never',
>    server ldap.hrnet.de:5389 -- this goes with STARTTLS.
> 
> And please tell me what You've got.

I tried 1), but what I got is the same as always :(

Here's what slurpd says:

---snipp---

  03b0:  27 48                                              'H
TLS certificate verification: depth: 0, err: 18, subject:
/C=DE/ST=Hessen/L=Niedernhausen/O=HRSoft/OU=Development/
CN=486dx66.hrnet.de/Email=harry@hrnet.de, issuer:
/C=DE/ST=Hessen/L=Niedernhausen/O=HRSoft/OU=Development/
CN=486dx66.hrnet.de/Email=harry@hrnet.de
TLS certificate verification: Error, self signed certificate
tls_write: want=7, written=7
  0000:  15 03 01 00 02 02 30                               ......0
TLS trace: SSL3 alert write:fatal:unknown CA

---snipp---

I thought I got over those certification problems :-(

In the thread-starting message I described how I made my
certificates; is there anything wrong?

Is the content (C= ... OU=..) important
(I know the CN must be the name of the server where slapd is
running)?

I use the same TLS options for both the master and the
replication server. Do they have to be different
(both servers are running as ldap(s).hrnet.de, just on
different ports)?

Waiting for help ...

greets Harry
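
The 7-byte `tls_write` dump in the trace above is a TLS alert record, and decoding it shows which side rejected the certificate and why. The following is an added example, not part of the original message or of OpenLDAP; the function names are hypothetical, and the hex-dump layout is assumed to be the one shown in the trace.

```python
import re
import struct

# Alert levels and a subset of alert descriptions from RFC 5246, section 7.2.
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 49: "access_denied", 50: "decode_error",
    70: "protocol_version", 80: "internal_error",
}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
CONTENT_TYPE_ALERT = 0x15

# Matches "  0000:  15 03 01 ..." and stops at the gap before the ASCII column.
DUMP_LINE = re.compile(r"\s*[0-9a-fA-F]{4}:\s+((?:[0-9a-fA-F]{2} ?)+)")


def bytes_from_dump_line(line):
    """Return the raw bytes shown on one hex-dump line of the trace."""
    match = DUMP_LINE.match(line)
    if not match:
        raise ValueError("not a hex-dump line: %r" % line)
    return bytes.fromhex(match.group(1))


def decode_alert(record):
    """Decode one unencrypted TLS alert record (5-byte header + 2-byte body)."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
    if ctype != CONTENT_TYPE_ALERT:
        raise ValueError("content type 0x%02x is not an alert" % ctype)
    body = record[5:5 + length]
    if length != 2 or len(body) != 2:
        # After the handshake, alerts are encrypted and longer than 2 bytes.
        raise ValueError("not a plaintext alert (length %d)" % length)
    level, description = body
    return {
        "version": VERSIONS.get((major, minor), "%d.%d" % (major, minor)),
        "level": ALERT_LEVELS.get(level, "unknown(%d)" % level),
        "description": ALERT_DESCRIPTIONS.get(description, "unknown(%d)" % description),
    }


# The alert record exactly as it appears in the slurpd trace above.
TRACE_LINE = "  0000:  15 03 01 00 02 02 30                               ......0"
```

Calling `decode_alert(bytes_from_dump_line(TRACE_LINE))` yields a fatal `unknown_ca` alert over TLS 1.0. Because the trace logs it as an alert write, it was sent by the slurpd side, which matches the verification error printed just before it.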