[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SSL3 alert write:fatal:unknown CA
Pierre Burri wrote:
>Hi Kent,
>I looked in your excellent Document OpenLDAP_TLS_howto, also because
Quanah
>Gibson-Mount mentioned it.
>
>In Chapter 7 Using TLS you give the following example:
>
>ldapsearch -x -b 'dc=myserver,dc=com' -D "cn=Manager,dc=myserver,dc=com"
>'(objectclass=*)' -H ldaps://myserver.com -W -ZZ
>
>I thought TLS was working on port 389 and only SSL was using ldaps://
>If that's true the command would be:
>
>ldapsearch -x -b 'dc=myserver,dc=com' -D "cn=Manager,dc=myserver,dc=com"
>'(objectclass=*)' -h myserver.com -W -ZZ
>
>Pierre
Good catch Pierre!
The command needs to have "ldap://" instead of "ldaps://". Using ldaps://
with "-ZZ" will not enable a connection to the server.
I still prefer "-H <uri>" over "-h <host>" because the latter is
deprecated.
The doc is new and probably has a few more errors so I'll wait before
updating the document. Thanks for catching it and thanks for the great
comment!
Cheers,
Kent Soper
"You don't stop playing because you grow old ...
you grow old because you stop playing."
Linux Technology Center, Linux Security
phonel: 1-512-838-9216
e-mail: dksoper@us.ibm.com