RE: TLS not working with 2.0.14
On Wed, 10.12.2003 at 03.18, Patrick Cranston wrote:
> I'm having difficulty configuring TLS for LDAP. I've followed the
> instructions in this thread:
> http://www.openldap.org/lists/openldap-software/200109/msg00745.html
> for generating a self signed certificate, with the Common Name set as the
> fully qualified domain name of my machine, and the -d127 debug output is
> showing that the CA is unknown. Can anyone offer any suggestions?
Far too little info. At a guess, you aren't pointing ldapsearch to the
CA cert. in [/etc/openldap/|/usr/local/etc]/openldap.conf - 'man
ldap.conf'. The path should be readable by everyone. OpenLDAP has no
problems with self-signed certificates, as long as they are made
available both to the server and the client.
Try: openssl s_client -connect fqdn-name-of-host:636 (presuming DNS or
/etc/hosts is set up correctly) and look for the error number at the top
of the output. Should be 18 or 19.
> ldapsearch -d127 -H ldaps://xxx.xxxx.org -x -b ... -L -ZZ
>
> returns:
No it doesn't :) You'll get an immediate error if you do -ZZ to ldaps:
TLS already started, or suchlike.
--Tonni
--
mail: billy - at - billy.demon.nl
http://billy.demon.nl
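The checks Tonni's reply walks through (find the CA cert the client is configured with, make sure everyone can read it, then read the verify error number out of `openssl s_client`), scripted as an added example. This is not code from the thread or from the OpenLDAP project. It assumes the client directive is `TLS_CACERT` in an ldap.conf at `/etc/openldap/ldap.conf` by default, and that s_client prints its result as `verify error:num=N:...` near the top and `Verify return code: N (...)` at the bottom; the sample s_client output in the test is constructed.

```shell
# Added example, not from the original thread. Assumptions: ldap.conf uses the
# TLS_CACERT directive, default path /etc/openldap/ldap.conf, and openssl
# s_client reports the chain result as "verify error:num=N:..." (top of
# output) and "Verify return code: N (...)" (bottom).

# Print the TLS_CACERT value from an ldap.conf. The directive name is
# case-insensitive in OpenLDAP; commented lines start with '#' so they never
# match as field 1.
ldap_cacert_path() {
    awk 'tolower($1) == "tls_cacert" { print $2; exit }' "$1"
}

# Return 0 if the CA file exists and is readable by everyone (the reply's
# point: the client user, not only slapd's user, has to be able to open it).
cacert_world_readable() {
    f="$1"
    [ -f "$f" ] || return 1
    # First 10 columns of ls -ld are the mode string on GNU and BSD alike.
    perms=$(ls -ld "$f" | cut -c1-10)
    case "$perms" in
        ?r??r??r??) return 0 ;;
        *)          return 1 ;;
    esac
}

# Read s_client output on stdin, print the first verify error number found.
# Matches both the per-depth "verify error:num=N:" line and the final
# "Verify return code: N (...)" summary.
verify_code_from_output() {
    sed -n \
        -e 's/^verify error:num=\([0-9]*\):.*/\1/p' \
        -e 's/^ *Verify return code: \([0-9]*\).*/\1/p' \
    | head -n 1
}

# The numbers the reply says to look for, plus the two neighbours you hit
# most often when debugging an ldaps listener.
describe_verify_code() {
    case "$1" in
        0)  echo "0: chain verified, the CA is known to the client" ;;
        18) echo "18: self signed certificate; give the client that cert as its CA" ;;
        19) echo "19: self signed certificate in chain; the root CA is not trusted by the client" ;;
        21) echo "21: unable to verify the first certificate; intermediate missing from the server's chain" ;;
        *)  echo "$1: see the VERIFY section of the openssl man pages" ;;
    esac
}

# Live check against a real host (needs network; not run by the test).
# Uses the CA from ldap.conf exactly as ldapsearch would.
check_ldaps_host() {
    host="$1"
    conf="${2:-/etc/openldap/ldap.conf}"   # assumed default location
    ca=$(ldap_cacert_path "$conf")
    if [ -z "$ca" ]; then
        echo "no TLS_CACERT directive in $conf"
        return 2
    fi
    cacert_world_readable "$ca" || echo "warning: $ca is not world-readable"
    code=$(openssl s_client -connect "$host:636" -CAfile "$ca" </dev/null 2>/dev/null \
           | verify_code_from_output)
    echo "$host: $(describe_verify_code "${code:-unknown}")"
    [ "$code" = "0" ]
}
```

Usage: `. ./ldaps-check.sh; check_ldaps_host ldap.example.org` prints the decoded verify result and exits 0 only on code 0. Once that passes, the matching ldapsearch test is `ldapsearch -x -H ldaps://ldap.example.org -b ...` with no `-ZZ`, since, as the reply notes, `-ZZ` on an `ldaps://` URI fails immediately with a "TLS already started" style error; `-ZZ` belongs with a plain `ldap://` URI and StartTLS.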