
Re: ldap_start_tls: Can't contact LDAP server (81)



* Francois Beretti (francois.beretti@enatel.com) wrote:
> ssl start tls
> TLS hard
> TLS CACERT /demoCA/cacert.pem

That isn't going to work, it should be: TLS_CACERT /path/to/cert.

> but when I try to test the communication :
> [root@linux-integ /]# ldapsearch -ZZ
> ldap_start_tls: Can't contact LDAP server (81)

This won't work because of 'TLS hard'.  You can't actually turn TLS on
for the clients by default unless you use the obsolete ldaps setup.
Hopefully that will be fixed sometime soon.

> and if I put "TLS never" instead of "TLS hard" in ldap.conf I get :
> [root@linux-integ /]# ldapsearch -ZZ
> ldap_start_tls: Connect error (91)
>         additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Try fixing your /etc/ldap/ldap.conf file, hopefully that will help.
Otherwise you might check out:
http://www.openldap.org/faq/data/cache/185.html
I found it very useful.

	Stephen

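A small lint for the client-side ldap.conf, added here as an example and not part of the thread: it flags the "TLS CACERT" spelling Stephen points out, checks that the file named by TLS_CACERT is readable, and warns when TLS_REQCERT (OpenLDAP's own directive, not mentioned in the thread) is set to never. The config contents and file paths it is run against are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): lint an OpenLDAP client ldap.conf for
# the problems discussed above. Prints one finding per line and returns
# non-zero if any ERROR was found. Paths used when calling it are constructed.

lint_ldap_conf() {
    conf="$1"
    rc=0

    # "TLS CACERT" with a space is not a directive libldap knows, so the CA
    # is silently never loaded and the server certificate cannot be verified.
    if grep -qiE '^[[:space:]]*TLS[[:space:]]+CACERT([[:space:]]|$)' "$conf"; then
        echo "ERROR: 'TLS CACERT' is not valid; write 'TLS_CACERT /path/to/ca.pem'"
        rc=1
    fi

    # The real directive: take the last TLS_CACERT value (later lines win).
    cacert=$(awk 'toupper($1)=="TLS_CACERT" {v=$2} END {print v}' "$conf")
    if [ -z "$cacert" ]; then
        echo "ERROR: no TLS_CACERT directive; the server certificate cannot be verified"
        rc=1
    elif [ ! -r "$cacert" ]; then
        echo "ERROR: TLS_CACERT file not readable: $cacert"
        rc=1
    fi

    # TLS_REQCERT never switches peer verification off entirely; flag it.
    reqcert=$(awk 'toupper($1)=="TLS_REQCERT" {v=tolower($2)} END {print v}' "$conf")
    if [ "$reqcert" = "never" ]; then
        echo "WARN: TLS_REQCERT never disables server certificate verification"
    fi

    return $rc
}
```

Run it as `lint_ldap_conf /etc/ldap/ldap.conf` (or /etc/openldap/ldap.conf on other distributions) and fix every ERROR before retrying `ldapsearch -ZZ`.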