
RE: Diagnosing client problem using SSL/TLS



Rerun the search with "-d7" and look at the TLS trace messages.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support 

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Nels Lindquist

> I've been trying to upgrade my OpenLDAP installation in order to 
> resolve some problems I've been having with SASL authentication.
> 
> My current difficulties seem to stem from the OpenLDAP libraries, 
> though, so I'm posting to this list rather than Cyrus-SASL.
> 
> I upgraded to OpenLDAP v2.1.5 from v2.0.23, and then to v2.1.8.
> 
> Without making any changes to configuration files, I got the 
> following error (with ldapsearch):
> 
> > ldap_bind: Can't contact LDAP server (81) additional info:
> > error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> > verify failed 
> 
> Checking the man page revealed new options for dealing with 
> certificate verification.
> 
> I added the line: "TLS_REQCERT    allow" to 
> /usr/local/etc/openldap/ldap.conf, and now I receive the following 
> error:
> 
> > ldap_bind: Can't contact LDAP server (81)
> 
> The server (Netware 6 eDirectory) is working fine; I can connect 
> using insecure LDAP from anywhere, and using secure LDAP from a 
> different machine which still has 2.0.23 installed.
> 
> How should I go about diagnosing this?
> 
> ----
> Nels Lindquist <*>
> Information Systems Manager
> Morningstar Air Express Inc.
> 
> 
>
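
Added example, not part of the original message or of OpenLDAP: a small Python helper that pulls OpenSSL error records such as the one quoted above out of client output and decodes the packed error code. It assumes the pre-3.0 OpenSSL code layout; `parse_openssl_errors` and the `peer_cert_rejected` field are names chosen here.

```python
import re

# One OpenSSL error record: error:<8 hex digits>:<library>:<function>:<reason>
# The reason text ends before the next token that contains a colon, or at the
# end of the input.
RECORD = re.compile(
    r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^:]+?)(?=\s+\S*:|$)")

# Values from OpenSSL's pre-3.0 headers.
ERR_LIB_SSL = 20
SSL_R_CERTIFICATE_VERIFY_FAILED = 134


def parse_openssl_errors(text):
    """Return one dict per OpenSSL error record found in client output."""
    # Mail clients and terminals wrap long lines, so collapse all whitespace
    # before matching; the record quoted in the message spans several lines.
    flat = " ".join(text.split())
    records = []
    for m in RECORD.finditer(flat):
        code = int(m.group(1), 16)
        # Pre-3.0 packing: 8 bits library, 12 bits function, 12 bits reason.
        lib = (code >> 24) & 0xFF
        func = (code >> 12) & 0xFFF
        reason = code & 0xFFF
        records.append({
            "code": code, "lib": lib, "func": func, "reason": reason,
            "lib_name": m.group(2), "func_name": m.group(3),
            "reason_text": m.group(4).strip(),
            # True when the client itself refused the server's certificate,
            # which points at local trust configuration, not a server outage.
            "peer_cert_rejected": (lib == ERR_LIB_SSL and
                                   reason == SSL_R_CERTIFICATE_VERIFY_FAILED),
        })
    return records


# The error text from the message above, quote markers removed, wrapping kept.
SAMPLE = """ldap_bind: Can't contact LDAP server (81) additional info:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
"""

if __name__ == "__main__":
    for rec in parse_openssl_errors(SAMPLE):
        print(rec)
```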