Re: OpenLDAP 2.1.x + NSS+SSL connecting to OpenLDAP 2.0.23 = broken?
Hi,
"nate" <ldap@aphroland.org> writes:
> hello!
>
> I am trying to figure out if this is a bug or a feature.
> Running slapd in debug mode I see these messages when it tries to
> connect in SSL/TLS:
>
> TLS: can't accept.
> TLS: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> s3_pkt.c:964
>
> I have Debian 3.0r1(x86/sparc), solaris 8(sparc), redhat 7.3(x86) all
> authenticating via SSL/TLS on LDAP running the same configuration:
>
> config for no-ssl:
> host 10.10.10.7
> base ou=People,o=aphroland,c=us
> uri ldap://redhat.aphroland.org:3890/
> ldap_version 3
> binddn cn=nss,o=aphroland,c=us
> bindpw MY_SUPER_SECRET_PASSWORD
> port 3890
> nss_base_passwd ou=People,o=aphroland,c=us?one
> nss_base_group ou=Group,o=aphroland,c=us?one
You are mixing ldap.conf for clients using libldap and ldap.conf for
PAM; those files are not identical.
[...]
> my ldap server is openldap 2.0.23 on redhat 7.3. I also have
> openldap 2.0.23 running on a debian 3.0r1 machine.
>
> I would expect them to be compatible. Bug? Feature?
>
> the SuSE 8.1 system has these ldap packages installed:
> openldap2-client-2.1.4-70
> nss_ldap-199-31
> pam_ldap-150-57
>
> any ideas? All LDAP clients are running the same config.
man (5) ldap.conf for openldap-2.1.4
TLS Options
-Dieter
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour
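
The reply above points out that libldap's ldap.conf and the nss_ldap/pam_ldap ldap.conf are different files. The following is an added example, not part of the original message: it sorts the directives of one file by which consumer reads them and reports which consumer has no CA trust directive, the setting a client needs before it can verify the server certificate. The keyword sets are a partial list assumed from ldap.conf(5) and the nss_ldap/pam_ldap sample configuration, and the sample input is constructed from the directives quoted in the post.

```python
# Added example. The keyword sets are a partial list, assumed from
# ldap.conf(5) (libldap) and the nss_ldap/pam_ldap sample configuration.
LIBLDAP = {"uri", "base", "binddn", "host", "port", "sizelimit", "timelimit",
           "deref", "tls_cacert", "tls_cacertdir", "tls_cipher_suite",
           "tls_reqcert"}
NSS_PAM = {"uri", "base", "binddn", "host", "port", "timelimit", "scope",
           "ldap_version", "bindpw", "rootbinddn", "ssl", "tls_checkpeer",
           "tls_cacertfile", "tls_cacertdir", "tls_ciphers", "tls_cert",
           "tls_key"}
# Directives that give each consumer a CA to verify the server against.
CA_TRUST = {"libldap": {"tls_cacert", "tls_cacertdir"},
            "nss_pam": {"tls_cacertfile", "tls_cacertdir"}}

# Constructed sample: the directives quoted in the post, password replaced.
SAMPLE = """\
host 10.10.10.7
base ou=People,o=aphroland,c=us
uri ldap://redhat.aphroland.org:3890/
ldap_version 3
binddn cn=nss,o=aphroland,c=us
bindpw PLACEHOLDER
port 3890
nss_base_passwd ou=People,o=aphroland,c=us?one
nss_base_group ou=Group,o=aphroland,c=us?one
"""

def directives(text):
    """Return the lower-cased keyword of every non-comment, non-blank line."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            keys.append(line.split(None, 1)[0].lower())
    return keys

def is_nss_pam(key):
    # nss_ldap and pam_ldap also accept whole families of nss_*/pam_* keys.
    return key in NSS_PAM or key.startswith(("nss_", "pam_"))

def audit(text):
    keys = set(directives(text))
    return {
        "not_libldap": sorted(k for k in keys if k not in LIBLDAP),
        "not_nss_pam": sorted(k for k in keys if not is_nss_pam(k)),
        "missing_ca_trust": [c for c, opts in CA_TRUST.items() if not opts & keys],
    }

if __name__ == "__main__":
    for name, value in audit(SAMPLE).items():
        print(name, value)
```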