ldapsearch ignoring ldap.conf?
Hi,
I am just arriving at this list and I am messing for the first time with
LDAP/OpenLDAP.
I am testing my server and I have configured it to use SSL all the time.
My problem is that ldapsearch seems to be ignoring my
/usr/local/etc/openldap/ldap.conf file. Why do I say that?
If I create a .ldaprc file with the following content:
-------------------------------------------------------------
TLS_CACERT /etc/ssl/certs/cr_aa.pem
TLS_CERT /etc/ssl/certs/fellini.cert
TLS_KEY /etc/ssl/private/fellini.key
-------------------------------------------------------------
ldapsearch works fine. If I remove it ldapsearch gives me the following
error:
-------------------------------------------------------------
TLS trace: SSL_connect:SSLv3 flush data
tls_read: want=5, got=5
0000: 15 03 01 00 02 .....
tls_read: want=2, got=2
0000: 02 28 .(
TLS trace: SSL3 alert read:fatal:handshake failure
TLS trace: SSL_connect:failed in SSLv3 read finished A
TLS: can't connect.
ldap_perror
ldap_bind: Can't contact LDAP server (81)
additional info: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
-------------------------------------------------------------
The point is: my /usr/local/etc/openldap/ldap.conf file already has
exactly this same info in it:
-------------------------------------------------------------
# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
URI ldaps://fellini.fabricadeideias.com
base dc=fabricadeideias,dc=com
rootbinddn cn=root,dc=fabricadeideias,dc=com
scope one
pam_filter objectclass=posixaccount
pam_login_attribute uid
pam_member_attribute gid
pam_password md5
nss_base_passwd ou=People,dc=fabricadeideias,dc=com?one
nss_base_shadow ou=People,dc=fabricadeideias,dc=com?one
nss_base_group ou=Group,dc=fabricadeideias,dc=com?one
nss_base_hosts ou=Hosts,dc=fabricadeideias,dc=com?one
SSL on
#TLS_CACERTDIR /etc/ssl/certs
TLS_CACERT /etc/ssl/certs/cr_aa.pem
TLS_CERT /etc/ssl/certs/fellini.cert
TLS_KEY /etc/ssl/private/fellini.key
-------------------------------------------------------------
BTW, I am using openldap 2.1.22 over Conectiva Linux 9.
One more thing, I already straced ldapsearch. It does read my
/usr/local/etc/openldap/ldap.conf file OK. It just ignores its contents,
AFAICT.
TIA,
Rodrigo Severo
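An added diagnostic, not part of this thread: a small Python check that sorts the directives of a client ldap.conf into those libldap itself reads, those ldap.conf(5) documents as user-only (TLS_CERT and TLS_KEY, honoured from ~/.ldaprc rather than the system-wide file), and the pam_ldap/nss_ldap directives that share the file name but are never parsed by the OpenLDAP client library. The sample text is the ldap.conf quoted in the post; the directive tables are assumptions drawn from ldap.conf(5) and the pam_ldap/nss_ldap documentation, not an exhaustive list.

```python
"""Classify directives found in an OpenLDAP client ldap.conf (added example)."""

# libldap directives accepted in the system-wide ldap.conf (subset of ldap.conf(5)).
LIBLDAP_SYSTEM = {"BASE", "URI", "HOST", "PORT", "SIZELIMIT", "TIMELIMIT", "DEREF",
                  "TLS_CACERT", "TLS_CACERTDIR", "TLS_REQCERT", "TLS_CIPHER_SUITE"}
# Documented in ldap.conf(5) as user-only: read from ~/.ldaprc, ignored system-wide.
LIBLDAP_USER_ONLY = {"TLS_CERT", "TLS_KEY"}
# pam_ldap / nss_ldap directives; libldap never parses these (assumed subset).
PAM_NSS_PREFIXES = ("PAM_", "NSS_")
PAM_NSS_WORDS = {"ROOTBINDDN", "SCOPE", "SSL"}

# Constructed sample: the system-wide ldap.conf quoted in the post, comments dropped.
SAMPLE_LDAP_CONF = """\
URI ldaps://fellini.fabricadeideias.com
base dc=fabricadeideias,dc=com
rootbinddn cn=root,dc=fabricadeideias,dc=com
scope one
pam_filter objectclass=posixaccount
pam_login_attribute uid
pam_member_attribute gid
pam_password md5
nss_base_passwd ou=People,dc=fabricadeideias,dc=com?one
nss_base_shadow ou=People,dc=fabricadeideias,dc=com?one
nss_base_group ou=Group,dc=fabricadeideias,dc=com?one
nss_base_hosts ou=Hosts,dc=fabricadeideias,dc=com?one
SSL on
TLS_CACERT /etc/ssl/certs/cr_aa.pem
TLS_CERT /etc/ssl/certs/fellini.cert
TLS_KEY /etc/ssl/private/fellini.key
"""


def classify(conf_text):
    """Return directive names grouped by which parser actually honours them."""
    report = {"libldap": [], "user_only": [], "pam_nss": [], "unknown": []}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key = line.split(None, 1)[0].upper()  # libldap matches names case-insensitively
        if key in LIBLDAP_SYSTEM:
            report["libldap"].append(key)
        elif key in LIBLDAP_USER_ONLY:
            report["user_only"].append(key)
        elif key.startswith(PAM_NSS_PREFIXES) or key in PAM_NSS_WORDS:
            report["pam_nss"].append(key)
        else:
            report["unknown"].append(key)
    return report


if __name__ == "__main__":
    for group, names in classify(SAMPLE_LDAP_CONF).items():
        print(f"{group:10s} {' '.join(names)}")
```

Directives reported under user_only are the ones a system-wide file cannot supply to ldapsearch; they belong in ~/.ldaprc or on the command line.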