Diagnosing client problem using SSL/TLS
- To: openldap-software@OpenLDAP.org
- Subject: Diagnosing client problem using SSL/TLS
- From: "Nels Lindquist" <nlindq@maei.ca>
- Date: Wed, 23 Oct 2002 17:04:34 -0600
- Content-description: Mail message body
- Organization: Morningstar Air Express Inc.
I've been trying to upgrade my OpenLDAP installation in order to
resolve some problems I've been having with SASL authentication.
My current difficulties seem to stem from the OpenLDAP libraries,
though, so I'm posting to this list rather than Cyrus-SASL.
I upgraded to OpenLDAP v2.1.5 from v2.0.23, and then to v2.1.8.
Without making any changes to configuration files, I got the
following error (with ldapsearch):
> ldap_bind: Can't contact LDAP server (81) additional info:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> verify failed
Checking the man page revealed new options for dealing with
certificate verification.
I added the line: "TLS_REQCERT allow" to
/usr/local/etc/openldap/ldap.conf, and now I receive the following
error:
> ldap_bind: Can't contact LDAP server (81)
The server (Netware 6 eDirectory) is working fine; I can connect
using insecure LDAP from anywhere, and using secure LDAP from a
different machine which still has 2.0.23 installed.
How should I go about diagnosing this?
----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.
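
The two `ldapsearch` failures quoted in the message carry different amounts of diagnostic detail. The following is an added example, not part of the original post and not OpenLDAP code: it decodes the OpenSSL error string from the first failure and separates it from the second, which has no TLS detail. The function names `unwrap`, `decode` and `triage` are hypothetical, and the bit layout assumed is the one used by OpenSSL releases before 3.0.

```python
import re

# Error text quoted from the post above, wrapped as the mail client left it.
FIRST = """> ldap_bind: Can't contact LDAP server (81) additional info:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> verify failed"""
SECOND = "> ldap_bind: Can't contact LDAP server (81)"

# error:<8 hex digits>:<library>:<function>:<reason text>
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+)")


def unwrap(quoted):
    """Strip '>' quote marks and rejoin lines that were wrapped in the mail."""
    parts = [line.lstrip("> ").strip() for line in quoted.splitlines()]
    return " ".join(p for p in parts if p)


def decode(text):
    """Split an OpenSSL error string into its packed and textual fields."""
    m = ERR_RE.search(unwrap(text))
    if m is None:
        return None
    code = int(m.group(1), 16)
    return {
        # Assumed pre-3.0 packing: 8 bits library, 12 function, 12 reason.
        "lib": (code >> 24) & 0xFF,
        "func": (code >> 12) & 0xFFF,
        "reason": code & 0xFFF,
        "func_name": m.group(3).strip(),
        "reason_text": m.group(4).strip(),
    }


def triage(text):
    """Classify a failure by what the client library actually reported."""
    err = decode(text)
    if err is None:
        # Only the LDAP result code is present: rerun with debug output
        # (ldapsearch -d 1) to see where the TLS handshake stops.
        return "no-tls-detail"
    if (err["func_name"].endswith("GET_SERVER_CERTIFICATE")
            and "verify failed" in err["reason_text"]):
        # The client received the server certificate and rejected it:
        # check which CA certificates the client is configured to trust.
        return "client-rejected-server-cert"
    return "other-tls-error"


if __name__ == "__main__":
    for sample in (FIRST, SECOND):
        print(triage(sample), decode(sample))
```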