Problem with OpenLDAP client tools connecting to Sun Directory Server using STARTTLS
- To: openldap-software@OpenLDAP.org
- Subject: Problem with OpenLDAP client tools connecting to Sun Directory Server using STARTTLS
- From: Simon Kissane <skissane@gmail.com>
- Date: Tue, 24 May 2005 10:55:30 +1000
Hi,
I am trying to connect to a Sun Directory Server 5.2 using OpenLDAP
client tools (ldapsearch) under Linux. It says it can't verify the
certificate (the server is using a self-signed certificate which was
generated using OpenSSL). I try adding it as a trusted CA root
certificate in my /etc/ldap.conf file, but to no avail. Can anyone
help me?
This is what happens:
$ ldapsearch -VV
ldapsearch: @(#) $OpenLDAP: ldapsearch 2.2.23 (Mar 11 2005 04:06:07) $
skissane@<...>:/root/openldap-2.2.23/clients/tools
(LDAP library: OpenLDAP 20223)
$ ldapsearch -vv -h <...> -Z
ldap_initialize( ldap://<...> )
ldap_start_tls: Connect error (-11)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[N.B. Hostnames and IPs above replaced with <...> for security reasons]
This is what I have in my /etc/ldap.conf
pam_password md5
TLS_CACERT /var/www/html/StudentEmail/ca.cer
The /var/www/html/StudentEmail/ca.cer file contains a certificate:
-----BEGIN CERTIFICATE-----
[several lines of base64 certificate omitted]
-----END CERTIFICATE-----
Many thanks in advance for any help that may be received,
Simon Kissane
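A local check an administrator can run before editing ldap.conf, added here as an example and not part of the original post: given the CA file named in TLS_CACERT and a saved copy of the server's certificate, it reports whether the CA file is PEM rather than DER, whether it actually carries the CA flag, and whether the server certificate chains to it, using the same verification openssl performs. It assumes the openssl command-line tool is installed; the file names are placeholders.

```shell
#!/bin/sh
# check_ldap_cacert CAFILE SERVERCERT
# Diagnoses the usual causes of "certificate verify failed" when an
# OpenLDAP client has TLS_CACERT pointed at a self-signed CA:
#   1. the CA file is DER-encoded, but TLS_CACERT expects PEM
#   2. the file holds a certificate that is not a CA (e.g. the server cert)
#   3. the server certificate was simply not issued by that CA
# Returns 0 only if SERVERCERT verifies against CAFILE, otherwise 1.
check_ldap_cacert() {
    cafile=$1
    servercert=$2

    if ! grep -q 'BEGIN CERTIFICATE' "$cafile"; then
        if openssl x509 -inform DER -in "$cafile" -noout 2>/dev/null; then
            echo "$cafile is DER-encoded; TLS_CACERT needs PEM, convert with:" \
                 "openssl x509 -inform DER -in $cafile -out ca.pem"
        else
            echo "$cafile is neither a PEM nor a DER certificate"
        fi
        return 1
    fi

    # A leaf certificate copied into TLS_CACERT by mistake will not carry CA:TRUE
    if ! openssl x509 -in "$cafile" -noout -text | grep -q 'CA:TRUE'; then
        echo "warning: $cafile has no basicConstraints CA:TRUE; is it really the CA cert?"
    fi

    # Same trust decision the client library makes: does the server
    # certificate chain to this CA? (Hostname matching is a separate step.)
    if openssl verify -CAfile "$cafile" "$servercert" >/dev/null 2>&1; then
        echo "$servercert verifies against $cafile"
        return 0
    fi
    echo "$servercert does NOT verify against $cafile:"
    openssl verify -CAfile "$cafile" "$servercert" 2>&1 | sed 's/^/  /'
    return 1
}
```

Note that TLS_CACERT must go in the ldap.conf the OpenLDAP library itself reads (openldap/ldap.conf under its sysconfdir, or ~/.ldaprc); pam_password is a pam_ldap/nss_ldap directive, so a file containing it may be a different ldap.conf than the one ldapsearch consults.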