
problem with ldapsearch/TLS ( or Fedora Core 2?? )






Hi,

I don't know if this is ldapsearch (or specific to the ldapsearch that comes with FC2). I can make pam_ldap work with TLS (I have run tcpdump to verify it). However, when I run "ldapsearch", it kept getting "Error....".




[root@myhost root]# ldapsearch -H ldap://myhost.domain.com -D uid=user1,ou=People,dc=Corporate,dc=Domain,dc=COM -x -W -ZZ
ldap_start_tls: Connect error (91)
       additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed




I ran "openssl s_client...", and it is OK.

[root@myhost root]# openssl s_client -connect myhost.domain.com:636 -showcerts -tls1 -CApath /etc/openldap/cacert -key /etc/openldap/certs/myhost.key -cert /etc/openldap/certs/myhost.crt
....
---
Acceptable client certificate CA names
/DC=COM/DC=Domain/DC=Corporate/OU=IS/CN=Domain Certificate Authority/emailAddress=ca@domain.com
---
SSL handshake has read 2324 bytes and written 2433 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 512 bit
SSL-Session:
   Protocol  : TLSv1
   Cipher    : AES256-SHA
   Session-ID: .........................
   Session-ID-ctx:
   Master-Key: .............................
   Key-Arg   : None
   Krb5 Principal: None
   Start Time: 1098403182
   Timeout   : 7200 (sec)
   Verify return code: 0 (ok)
---
....



Is it a problem with ldapsearch?

Thanks,


Barrow
