Re: Can't contact LDAP server
I truss'd the ldapsearch and found out it is looking for ldap.conf under
openldap dir.
I moved it from /etc to openldap dir and added this in the ldap.conf:

    TLS_CACERT /path/to/the/ca-certificate-file

Now it does not complain about the self certificate.
--
Asif Iqbal
http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x8B686E08
There's no place like 127.0.0.1
On Fri, 7 Nov 2003, Asif Iqbal wrote:
> If I don't declare the host and port
>
> /usr/local/bin/ldapsearch -d 9 -x -ZZ -b 'dc=qwestip,dc=net' '(objectclass=*)'
>
> I get the real error message
>
> [....]
> ldap_msgfree
> TLS trace: SSL_connect:before/connect initialization
> TLS trace: SSL_connect:SSLv2/v3 write client hello A
> TLS trace: SSL_connect:SSLv3 read server hello A
> TLS certificate verification: depth: 1, err: 19, subject:
> /C=US/ST=VA/L=Arlington/O=Qwest
> Communications/OU=IPNNS/CN=Systems/emailAddress=systems@qwestip.net, issuer:
> /C=US/ST=VA/L=Arlington/O=Qwest
> Communications/OU=IPNNS/CN=Systems/emailAddress=systems@qwestip.net
> TLS certificate verification: Error, self signed certificate in certificate
> chain
> TLS trace: SSL3 alert write:fatal:unknown CA
> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> TLS trace: SSL_connect:error in SSLv3 read server certificate B
> TLS: can't connect.
> ldap_perror
> ldap_start_tls: Connect error (91)
> additional info: error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> This is my first time trying to use Secure LDAP
>
> Any help with this is greatly appreciated
>
>
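
Added example (not part of the original thread): a shell check of the ldap.conf that the client actually reads, covering the TLS_CACERT fix described in the reply above and the common mistake of silencing the "self signed certificate in certificate chain" error by turning verification off. The function names and return codes are assumptions of this example; TLS_CACERTDIR and TLS_REQCERT are standard ldap.conf options that the post itself does not mention.

```shell
#!/bin/sh
# Added example: lint an OpenLDAP client ldap.conf for CA trust settings.
# Pass the path your ldapsearch build really opens (the post found it with truss).

# Print the value of a keyword (case-insensitive). Assumption of this example:
# when a keyword appears more than once, the last line is the one reported.
conf_value() {  # usage: conf_value FILE KEYWORD
    awk -v key="$2" '
        $1 ~ /^#/ { next }                      # skip comment lines
        toupper($1) == toupper(key) {
            $1 = ""; sub(/^[ \t]+/, ""); val = $0
        }
        END { print val }' "$1"
}

# Return codes (hypothetical, chosen for this example):
#   0 = CA trust configured and verification not weakened
#   1 = config file not readable
#   2 = neither TLS_CACERT nor TLS_CACERTDIR is set
#   3 = TLS_CACERT names a file that is not readable
#   4 = TLS_REQCERT is never/allow, so a bad chain no longer stops the connection
check_ldap_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "$conf: not readable"; return 1; }
    reqcert=$(conf_value "$conf" TLS_REQCERT | tr 'A-Z' 'a-z')
    case $reqcert in
        never|allow)
            echo "$conf: TLS_REQCERT $reqcert weakens verification"; return 4 ;;
    esac
    cacert=$(conf_value "$conf" TLS_CACERT)
    cadir=$(conf_value "$conf" TLS_CACERTDIR)
    if [ -z "$cacert" ] && [ -z "$cadir" ]; then
        echo "$conf: no TLS_CACERT or TLS_CACERTDIR"; return 2
    fi
    if [ -n "$cacert" ] && [ ! -r "$cacert" ]; then
        echo "$conf: TLS_CACERT $cacert is not readable"; return 3
    fi
    echo "$conf: CA trust configured (${cacert:-$cadir})"
    return 0
}

# Usage: check_ldap_conf /path/to/openldap/ldap.conf
```

A result of 2 or 3 matches the situation in the quoted trace, where the client has no usable CA file and rejects the server chain with "unknown CA".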