[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_start_tls: Can't contact LDAP server (81)

To: Francois Beretti <francois.beretti@enatel.com>
Subject: Re: ldap_start_tls: Can't contact LDAP server (81)
From: Stephen Frost <sfrost@snowman.net>
Date: Fri, 28 Feb 2003 09:18:10 -0500
Cc: Liste OpenLDAP Software <openldap-software@OpenLDAP.org>
Content-disposition: inline
In-reply-to: <1046428968.783.16.camel@linux-integ>
References: <1046428968.783.16.camel@linux-integ>
User-agent: Mutt/1.4i

* Francois Beretti (francois.beretti@enatel.com) wrote:
> ssl start tls
> TLS hard
> TLS CACERT /demoCA/cacert.pem

That isn't going to work, it should be: TLS_CACERT /path/to/cert.

> but when I try to test the communication :
> [root@linux-integ /]# ldapsearch -ZZ
> ldap_start_tls: Can't contact LDAP server (81)

This won't work because of 'TLS hard'.  You can't actually turn TLS on
for the clients by default unless you use the obsolete ldaps setup.
Hopefully that will be fixed sometime soon.

> and if I put "TLS never" instead of "TLS hard" in ldap.conf I get :
> [root@linux-integ /]# ldapsearch -ZZ
> ldap_start_tls: Connect error (91)
>         additional info: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Try fixing your /etc/ldap/ldap.conf file, hopefully that will help.
Otherwise you might check out:
http://www.openldap.org/faq/data/cache/185.html
I found it very useful.

	Stephen

Attachment: pgp52qwBoMjVk.pgp
Description: PGP signature

References:
- ldap_start_tls: Can't contact LDAP server (81)
  - From: Francois Beretti <francois.beretti@enatel.com>

Prev by Date: Re: OpenLDAP install issue with SASL
Next by Date: Re: OpenLDAP install issue with SASL
Index(es):
- Chronological
- Thread