* Francois Beretti (francois.beretti@enatel.com) wrote:
> ssl start tls
> TLS hard
> TLS CACERT /demoCA/cacert.pem

That isn't going to work, it should be: TLS_CACERT /path/to/cert.

> but when I try to test the communication:
> [root@linux-integ /]# ldapsearch -ZZ
> ldap_start_tls: Can't contact LDAP server (81)

This won't work because of 'TLS hard'. You can't actually turn TLS on for the clients by default unless you use the obsolete ldaps setup. Hopefully that will be fixed sometime soon.

> and if I put "TLS never" instead of "TLS hard" in ldap.conf I get:
> [root@linux-integ /]# ldapsearch -ZZ
> ldap_start_tls: Connect error (91)
> additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Try fixing your /etc/ldap/ldap.conf file, hopefully that will help. Otherwise you might check out: http://www.openldap.org/faq/data/cache/185.html I found it very useful.

Stephen
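A small check for the client-side misconfiguration discussed in this thread (the `TLS CACERT` typo and an unusable CA file), added here as an example and not part of the original exchange. It assumes a POSIX shell with grep and awk; the function name `check_ldap_conf` is made up for this example, and it only validates the directive name, that the CA path is readable and that it contains a PEM certificate, so it is a pre-flight check before `ldapsearch -ZZ`, not a replacement for it.

```shell
#!/bin/sh
# Added example, not from the original thread. check_ldap_conf (hypothetical
# name) inspects a client ldap.conf and returns 0 when the TLS CA setup looks
# usable, 1 otherwise, printing the reason on stderr.
check_ldap_conf() {
    conf="$1"
    status=0

    # "TLS CACERT" (space instead of underscore) is not the TLS_CACERT
    # directive the client library reads, so no CA would be loaded and
    # server certificate verification fails.
    if grep -Eiq '^[[:space:]]*TLS[[:space:]]+CACERT' "$conf"; then
        echo "error: found 'TLS CACERT'; the directive is TLS_CACERT" >&2
        status=1
    fi

    # Take the first TLS_CACERT value (case-insensitive directive name).
    cacert=$(awk 'toupper($1)=="TLS_CACERT" {print $2; exit}' "$conf")
    if [ -z "$cacert" ]; then
        echo "error: no TLS_CACERT directive in $conf" >&2
        return 1
    fi
    if [ ! -r "$cacert" ]; then
        echo "error: CA file $cacert is missing or unreadable" >&2
        return 1
    fi
    # A CA file that is not PEM also ends in 'certificate verify failed'.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cacert"; then
        echo "error: $cacert does not contain a PEM certificate" >&2
        return 1
    fi
    return $status
}
```

Run it against /etc/ldap/ldap.conf (or wherever the client config lives) before testing with `ldapsearch -ZZ`.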